HackTheBox - Manager
00:00 - Introduction
01:00 - Start of Nmap
03:20 - Checking out the website, deciding there isn't much of interest here
05:10 - Running Kerbrute with a userlist to identify valid users
05:50 - Showing what Kerbrute is doing with NetExec
09:00 - A better way to enumerate valid users, RID Bruteforce, showing it with NetExec
10:50 - Using RPCClient to show how RID Bruteforce works
14:00 - Using NetExec to bruteforce users with the password of their username
17:55 - Showing off the NetExec Database
19:30 - Switching over to testing accounts for MSSQL Access with NetExec
21:20 - Using Impacket's MSSQLClient to access the MSSQL Server and running XP_DIRTREE to find a backup on the webserver
23:20 - Finding a credential for Raven in the backup file
26:50 - Using Certipy to find out the server is exploitable to ADCS ESC7, then exploiting it
Watch video HackTheBox - Manager online, duration hours minute second in high quality that is uploaded to the channel IppSec 16 March 2024. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 12,251 times and liked it 414 visitors.
