00:00 - Intro
00:50 - Start of nmap
02:15 - Running RPCDump which shows if this is vulnerable to PrintNightmare (Exploit it later)
03:00 - Examining the webpage
04:15 - Explaining why I use lowercase wordlists against Windows web servers
06:00 - Listing shares with smbclient to find an open share
07:30 - Decompiling the Electron installer/app with asar
12:00 - Everything is extracted; looking at package.json and main.js to find electron-updater
14:10 - Searching for exploits within Electron
15:30 - Using MSFVENOM to build a reverse shell
16:45 - Editing our installer YAML to point to our reverse shell
19:30 - Putting the files on the share and getting our reverse shell
21:30 - Exploring the box to find PortableKanban
22:30 - Copying the config to our box so we can extract the database password
25:40 - Using CyberChef to decrypt the PortableKanban password
28:20 - Authenticating to redis-cli and dumping the user information to get administrator password
30:30 - Using rundll32 to create a memory dump of LSASS so we can extract a password
32:30 - Downloading lsass.dmp with evil-winrm
35:30 - Using Pypykatz to parse the dump file and get Jason's password
38:30 - Building our environment to perform CVE-2021-1675 (PrintNightmare)
42:50 - Using PrintNightmare to connect to our netcat to verify it is vulnerable
44:20 - Building a DLL to send a reverse shell
46:50 - Having trouble with Impacket's SMBServer, configuring our local SMBD to work with this exploit
49:20 - Reading more errors from impacket to verify we do have code execution
50:10 - Giving a file that doesn't exist to see another error... More verifying that this is working
51:20 - Giving it our ReverseShell DLL to get a reverse shell
Video: HackTheBox - Atom, uploaded to the IppSec channel on 10 July 2021. Viewed 22,794 times and liked by 641 visitors.