00:00 - Intro
01:00 - Begin of nmap, see a Active Directory server with HTTP
05:20 - Gathering usernames from the website
06:20 - Using KerBrute to enumerate which users are valid
08:00 - Using Cewl to generate a password list for brute forcing
09:25 - Using Hashcat to generate a password list for brute forcing
15:50 - Trying to use RPCClient to change the password. Cannot
18:00 - Using SMBPasswd to change the password
22:00 - Logging in via RPCClient and enumerating Active Directorry with EnumDomUsers and EnumPrinters
24:40 - Password for SVC-PRINT found via Printer description (EnumPrinters) in Active Directory, Logging in with WinRM
26:50 - Discovering SeLoadDriverPrivilege
27:30 - Switching to Windows Downloading everything needed for loading the Capcom Driver and Exploiting it
28:50 - Compiling the EoPLoadDriver from TarlogicSecurity
31:50 - Compiling ExploitCapcom from FuzzySecurity
35:00 - Copying everything to our Parrot VM then to Fuse
37:45 - Loading the Capcom Driver then failing to get code execution
41:30 - Creating a DotNet Reverse shell incase the Capcom Exploit didn't like PowerShell
47:50 - Exploring the ExploitCapcom source and editing it to execute our reverse shell
50:11 - Copying our new ExploitCapcom file and getting a shell
Негізгі бет HackTheBox - Fuse
Пікірлер: 46