HackTheBox - Voleur скачать в хорошем качестве

HackTheBox - Voleur

00:00 - Introduction 01:00 - Start of nmap 07:20 - Running RustHound 08:30 - Running smbclient with Kerberos, to login to the fileshare as Ryan and downloading/cracking a word document with password 12:50 - Opening the Access Review Document, discovering multiple credentials and looking at bloodhound to see what we can do 18:30 - Performing a TargetedKerberost to gain access to the WinRM Account and then using RunasCS to gain a shell as SVC_LDAP 25:40 - Using the AD Powershell Module to restore a deleted user 27:20 - Showing we didn't need a shell to restore the deleted user, doing it manually first showing ldapsearch can see deleted users then running the tombstone netexec module 38:30 - Todd.Wolfe is a member of second-line technician. Looking at the fileshare to discover his user backup 41:40 - Running Netexec Spider_Plus to dump the fileshare and discovering DPAPI Saved Blobs 46:00 - Using impacket-dpapi to decrypt the dpapi data that was in the backup 50:30 - Getting access to Jeremy.Combs, who has SSH Access to the box 58:30 - Finding the NTDS Backup, running secretsdump to get Administrator