HackTheBox - Authority скачать в хорошем качестве

HackTheBox - Authority

00:00 - Introduction 00:58 - Start of nmap 03:30 - Taking a look at the website 05:50 - Using NetExec to search for file shares and discovering the Development share is open. Using smbclient to download everything 08:00 - Exploring the Ansible Playbooks in the Development Share to discover encrypted passwords (ansible vault) 10:00 - Converting the Ansible Vault Hashes to John/Hashcat format so we can crack them 13:30 - Decrypting the values and getting some passwords, one of which lets us log into PWM (webapp) 19:50 - Adding a rogue ldap server into the PWM Config, then clicking test config will send us the password for the ldap account 27:00 - Running Certipy to find the server is vulnerable to ESC1, we just need to enroll a computer 28:00 - Using NetExec to show how the MachineAccoutnQuote, confirming we can enroll machines 29:00 - Using Impacket to add a rogue computer 30:00 - Using Certipy to perform the ESC1, it works but smart card login isn't enabled so we can't log in right away. 33:30 - Looking at the error message, finding we can PassTheCert to LDAP which then will let us get admin 37:15 - Using PassTheCert to add ourselves to the Domain Administrator group 39:25 - Showing PassTheSert to set_rbcd, which will enable our rogue computer the ability to sign krb, allowing us to impersonate the administrator