Hacking Fluffy [HackTheBox Walkthrough] скачать в хорошем качестве

Hacking Fluffy [HackTheBox Walkthrough]

Welcome back everyone, we are back on a mission! A path to complete, and back to doing what worked so well when it all began. I hope you guys aren't too upset with me for not really being consistent throughout 2025 but what can you do... Sometimes life takes over and you just have to go with it. Today's machine was quite fun, although the certipy portions are quite fiddly which makes them tedious. But hey, we made it through. Very happy to be hacking again. Can't wait to bring you guys more videos on this Path to CPTS. Links to Resources ==================================== • https://i-tracing.com/blog/dacl-shado... • https://github.com/ly4k/Certipy/wiki/... •   / ad-cs-esc16-misconfiguration-and-exploitation   Link to Fluffy: https://app.hackthebox.com/machines/662 I hope you enjoy! Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming. You can join with this link: https://referral.hackthebox.com/mz2rqum ================================================== 00:00 Welcome & Setup 01:31 Back to Basics 02:34 Enumeration 05:09 SMB Enumeration 06:34 Writable IT share spotted 08:17 SMBclient - Recursive pull (HTB-safe) 09:52 Finishing Enumeration & Nmap Notes 12:05 .PDF security advisory 14:39 CVE- 2025-24071 - NTLM hash leak via library files 17:49 Build PoC ZIP & start Responder 20:45 Cracking NTLMv2 Hash using Hashcat 23:10 BloodHound Enumeration 26:46 Finding Path to Escalate Privileges 30:48 Exploiting GenericAll using BloodyAD 34:52 Exploiting GenericWrite using Shadow Credentials 36:39 Step1 - Populate msDS-KeyCredentialLink using pyWhisker 38:59 Step 2 - Unprotect Certificate using certipy 42:21 Step3 - Authenticate and get the Winrm_svc Hash 43:47 Fixing "Clock Skew Too Great" Error 47:06 Attempting Certipy Auto Shadow .... Fail 49:29 Using Evil-Winrm to PtH and Login 52:15 Exploiting GenericWrite to get the ca_svc Hash 56:01 Investigating ADCS 58:11 Using certipy to find vulnerable CA templates 1:00:27 ESC16 1:03:06 Using Certipy to Exploit ESC16 1:06:14 UPN swap to Administrator 1:11:55 Certificate Request using Certipy 1:17:04 Revert Changes 1:18:08 Authenticate using Stolen Certificate 1:19:52 Root Music: KaizanBlu (“Deep”; “4am”; “Thoughts”; “Places”; “Time”; “Sleep”; “Take Me with You”; “Remember”; “Closer”; “Before Dawn”; “Stay”; “I Deserve You”; “I Want You”; “Time Flies”)