HackTheBox - Atom

IppSec · Beginner ·📰 AI News & Updates ·4y ago
00:00 - Intro 00:50 - Start of nmap 02:15 - Running RPCDump which shows if this is vulnerable to PrintNightmare (Exploit it later) 03:00 - Examining the webpage 04:15 - Explaining why i use lowercase wordlists on against Windows Webservers 06:00 - Listing shares with smbclient to find an open share 07:30 - Decompiling the Electron installer/app with asar 12:00 - Everything is extracted looking at package.json and main.js to find electron-updater 14:10 - Searching for exploits within Electron 15:30 - Using MSFVENOM to build a reverse shell 16:45 - Editing our installer YAML to point to our reverse shell 19:30 - Putting the files on the share and getting our reverse shell 21:30 - Exploring the box to find PortableKanban 22:30 - Copying the config to our box so we can extract the database password 25:40 - Using CyberChef to decrypt the Portable Kanban password 28:20 - Authenticating to Redit-CLI and dumping the user information to get administrator password 30:30 - Using rundll32 to create a memory dump of LSASS so we can extract a password 32:30 - Downloading lsass.dmp with evil-winrm 35:30 - Using Pypykatz to parse the dump file and get Jason's password 38:30 - Building our environment to perform CVE-2021-1675 (PrintNightmare) 42:50 - Using PrintNightmare to connect to our netcat to verify it is vulnerable 44:20 - Building a DLL to send a reverse shell 46:50 - Having trouble with Impacket's SMBServer, configuring our local SMBD to work with this exploit 49:20 - Reading more errors from impacket to verify we do have code execution 50:10 - Giving a file that doesn't exist to see another error... More verifying that this is working 51:20 - Giving it our ReverseShell DLL to get a reverse shell
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →
1 HHC2016 - Analytics
HHC2016 - Analytics
IppSec
 2 HackTheBox - October
HackTheBox - October
IppSec
 3 HackTheBox - Arctic
HackTheBox - Arctic
IppSec
 4 HackTheBox - Brainfuck
HackTheBox - Brainfuck
IppSec
 5 HackTheBox - Bank
HackTheBox - Bank
IppSec
 6 HackTheBox - Joker
HackTheBox - Joker
IppSec
 7 HackTheBox - Lazy
HackTheBox - Lazy
IppSec
 8 Camp CTF 2015 - Bitterman
Camp CTF 2015 - Bitterman
IppSec
 9 HackTheBox - Devel
HackTheBox - Devel
IppSec
 10 Reversing Malicious Office Document (Macro) Emotet(?)
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
 11 HackTheBox - Granny and Grandpa
HackTheBox - Granny and Grandpa
IppSec
 12 HackTheBox - Pivoting Update: Granny and Grandpa
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
 13 HackTheBox - Optimum
HackTheBox - Optimum
IppSec
 14 HackTheBox - Charon
HackTheBox - Charon
IppSec
 15 HackTheBox - Sneaky
HackTheBox - Sneaky
IppSec
 16 HackTheBox - Holiday
HackTheBox - Holiday
IppSec
 17 HackTheBox - Europa
HackTheBox - Europa
IppSec
 18 Introduction to tmux
Introduction to tmux
IppSec
 19 HackTheBox - Blocky
HackTheBox - Blocky
IppSec
 20 HackTheBox - Nineveh
HackTheBox - Nineveh
IppSec
 21 HackTheBox - Jail
HackTheBox - Jail
IppSec
 22 HackTheBox - Blue
HackTheBox - Blue
IppSec
 23 HackTheBox - Calamity
HackTheBox - Calamity
IppSec
 24 HackTheBox - Shrek
HackTheBox - Shrek
IppSec
 25 HackTheBox - Mirai
HackTheBox - Mirai
IppSec
 26 HackTheBox - Shocker
HackTheBox - Shocker
IppSec
 27 HackTheBox - Mantis
HackTheBox - Mantis
IppSec
 28 HackTheBox - Node
HackTheBox - Node
IppSec
 29 HackTheBox - Kotarak
HackTheBox - Kotarak
IppSec
 30 HackTheBox - Enterprise
HackTheBox - Enterprise
IppSec
 31 HackTheBox - Sense
HackTheBox - Sense
IppSec
 32 HackTheBox - Minion
HackTheBox - Minion
IppSec
 33 VulnHub - Sokar
VulnHub - Sokar
IppSec
 34 VulnHub - Pinkys Palace v2
VulnHub - Pinkys Palace v2
IppSec
 35 HackTheBox - Inception
HackTheBox - Inception
IppSec
 36 Vulnhub - Trollcave 1.2
Vulnhub - Trollcave 1.2
IppSec
 37 HackTheBox - Ariekei
HackTheBox - Ariekei
IppSec
 38 HackTheBox - Flux Capacitor
HackTheBox - Flux Capacitor
IppSec
 39 HackTheBox - Jeeves
HackTheBox - Jeeves
IppSec
 40 HackTheBox - Tally
HackTheBox - Tally
IppSec
 41 HackTheBox - CrimeStoppers
HackTheBox - CrimeStoppers
IppSec
 42 HackTheBox - Fulcrum
HackTheBox - Fulcrum
IppSec
 43 HackTheBox - Chatterbox
HackTheBox - Chatterbox
IppSec
 44 HackTheBox - Falafel
HackTheBox - Falafel
IppSec
 45 How To Create Empire Modules
How To Create Empire Modules
IppSec
 46 HackTheBox - Nightmare
HackTheBox - Nightmare
IppSec
 47 HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
IppSec
 48 HackTheBox - Bart
HackTheBox - Bart
IppSec
 49 HackTheBox - Aragog
HackTheBox - Aragog
IppSec
 50 HackTheBox - Valentine
HackTheBox - Valentine
IppSec
 51 HackTheBox - Silo
HackTheBox - Silo
IppSec
 52 HackTheBox - Rabbit
HackTheBox - Rabbit
IppSec
 53 HackTheBox - Celestial
HackTheBox - Celestial
IppSec
 54 HackTheBox - Stratosphere
HackTheBox - Stratosphere
IppSec
 55 HackTheBox - Poison
HackTheBox - Poison
IppSec
 56 HackTheBox - Canape
HackTheBox - Canape
IppSec
 57 HackTheBox - Olympus
HackTheBox - Olympus
IppSec
 58 HackTheBox - Sunday
HackTheBox - Sunday
IppSec
 59 HackTheBox - Fighter
HackTheBox - Fighter
IppSec
 60 HackTheBox - Bounty
HackTheBox - Bounty
IppSec

Related AI Lessons

Elon Musk Boosts New Yorker’s Sam Altman Exposé on X as Trial Begins
Elon Musk shares an exposé on X as his trial against OpenAI begins, revealing the complex dynamics between tech giants
Wired AI
Big Tech firms are accelerating AI investments and integration, while regulators and companies focus on safety and responsible adoption.
Big Tech firms are increasing AI investments, focusing on safety and responsible adoption, which is crucial for professionals to understand and apply in their work.
Dev.to AI
The Half-Life of Information
Learn to apply the concept of half-life of information to forecast systems and improve decision-making
Medium · AI
The crypto-to-AI bandwagon jumpers' club just landed another member: Core Scientific
Core Scientific is converting a bitcoin mining operation to an AI datacenter campus, highlighting the growing trend of crypto-to-AI transitions
The Register

Chapters (26)

Intro
0:50 Start of nmap
2:15 Running RPCDump which shows if this is vulnerable to PrintNightmare (Exploit i
3:00 Examining the webpage
4:15 Explaining why i use lowercase wordlists on against Windows Webservers
6:00 Listing shares with smbclient to find an open share
7:30 Decompiling the Electron installer/app with asar
12:00 Everything is extracted looking at package.json and main.js to find electron-u
14:10 Searching for exploits within Electron
15:30 Using MSFVENOM to build a reverse shell
16:45 Editing our installer YAML to point to our reverse shell
19:30 Putting the files on the share and getting our reverse shell
21:30 Exploring the box to find PortableKanban
22:30 Copying the config to our box so we can extract the database password
25:40 Using CyberChef to decrypt the Portable Kanban password
28:20 Authenticating to Redit-CLI and dumping the user information to get administra
30:30 Using rundll32 to create a memory dump of LSASS so we can extract a password
32:30 Downloading lsass.dmp with evil-winrm
35:30 Using Pypykatz to parse the dump file and get Jason's password
38:30 Building our environment to perform CVE-2021-1675 (PrintNightmare)
42:50 Using PrintNightmare to connect to our netcat to verify it is vulnerable
44:20 Building a DLL to send a reverse shell
46:50 Having trouble with Impacket's SMBServer, configuring our local SMBD to work w
49:20 Reading more errors from impacket to verify we do have code execution
50:10 Giving a file that doesn't exist to see another error... More verifying that t
51:20 Giving it our ReverseShell DLL to get a reverse shell
Up next
Google Cloud Next Highlights
Google Cloud
Watch →