HackTheBox - Absolute
00:00 - Intro
01:00 - Start of nmap discovering Active Directory (AD)
04:15 - Using wget to mirror the website, then a find command with exec to run exiftool and extract all user names in metadata
06:45 - Using Username Anarchy to build a wordlist of users from our dump and then Kerbrute to enumerate valid ones
13:55 - Building Kerbrute from source to get the latest feature of auto ASREP Roasting
16:20 - Kerbrute pulled the wrong type of hash, using the downgrade to pull etype 18 of the hash
21:30 - Running Bloodhound with , using Kerberos authentication
24:50 - Going over the bloodhound data and finding some attack paths
31:13 - Manually parsing the Bloodhound with JQ to show descriptions for all users and finding the SVC_SMB password in the Description
34:45 - EDIT: Don’t want to use Blodhound? Showing LdapSearch with Kerberos, and why the FQDN has to be first in the /etc/hosts file
40:30 - End of edit: Using SMBClient with SVC_SMB and Kerberos to download files
46
3 months ago 00:10:23 1
6 months ago 00:00:00 1
7 months ago 00:04:06 1
8 months ago 00:32:44 18
8 months ago 00:34:38 2
8 months ago 01:27:34 5
8 months ago 00:37:18 6
8 months ago 00:41:25 5
8 months ago 01:46:13 2
8 months ago 01:12:42 4
8 months ago 00:26:29 1
8 months ago 02:06:46 2
8 months ago 00:54:43 11
8 months ago 02:05:30 1
8 months ago 00:33:44 1
9 months ago 00:27:16 1
9 months ago 00:30:39 1
10 months ago 11:21:04 1
11 months ago 05:30:24 3
11 months ago 01:02:06 16
11 months ago 00:16:21 18
11 months ago 02:09:39 15
12 months ago 00:29:19 2
1 year ago 00:39:17 7
