HackTheBox - Overwatch

IppSec · Beginner ·🔐 Cybersecurity ·1w ago

Skills: Network Security90%

00:00 - Introduction 00:45 - Start of nmap 03:00 - Null Authentication lets us list open shares 05:30 - Using SMBClient and downloading the overwatch binary and config from the fileshare 08:40 - Using ilSpycmd to decompile the dotnet from Linux 10:04 - Looking at the overwatch source, which is a WCF (Windows Communication Foundation) Binary 14:00 - Taking nmap allports output, doing some bashful to get a list of open ports to do our normal nmap against the open ports 17:40 - Finding MSSQL on port 6520, we can login. The Enum_Links shows an SQL Server, it hangs and says the host SQL07 doesn't exist 21:45 - Using BloodyAD to show AD Attributes we can write to, discover we can create DNS Entries, then creating a DNS Entry for SQL07 to point back to us and then getting the SQLMGMT user credentials 25:00 - Looking at the WCF Endpoint, examining the WSDL and explaining it a little bit 26:30 - Executing endpoints in the WCF Endpoint from PowerShell with New-WebServiceProxy and getting RCE on the server 33:00 - Showing how we could have enumerated services from our first shell

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

More on: Network Security

View skill →

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

Building a High-throughput VPN

Configuring Network Connectivity Center as a Transit Hub

VPC Flow Logs - Analyzing Network Traffic

HackTheBox - Intentions

HackTheBox - Intentions

Google Cloud Packet Mirroring with OpenSource IDS

Related AI Lessons

How to Map Out Your Digital Footprint Before Attackers Do in 2026

Learn to map your digital footprint to protect against cyber threats by using open-source intelligence techniques

Medium · Cybersecurity

The Most Dangerous Kind of Information

A single, obvious statement can collapse a system of minds due to the meta-cognition trap, highlighting the importance of critical thinking in cybersecurity

Medium · Cybersecurity

Hardware End-of-Support-Life (EOSL) — The EOL Risk Nobody Tracks

Understand the risks of hardware End-of-Support-Life (EOSL) and how it creates vulnerabilities similar to end-of-life software

Dev.to · endoflife-ai

Hidden Compliance Risks from Unsupported Software — What Auditors Find First

Auditors can find hidden compliance risks from unsupported software, affecting SOC 2, PCI DSS, HIPAA, and ISO 27001 certifications

Dev.to · endoflife-ai

Chapters (12)

Introduction

0:45 Start of nmap

3:00 Null Authentication lets us list open shares

5:30 Using SMBClient and downloading the overwatch binary and config from the files

8:40 Using ilSpycmd to decompile the dotnet from Linux

10:04 Looking at the overwatch source, which is a WCF (Windows Communication Foundat

14:00 Taking nmap allports output, doing some bashful to get a list of open ports to

17:40 Finding MSSQL on port 6520, we can login. The Enum_Links shows an SQL Server,

21:45 Using BloodyAD to show AD Attributes we can write to, discover we can create D

25:00 Looking at the WCF Endpoint, examining the WSDL and explaining it a little bit

26:30 Executing endpoints in the WCF Endpoint from PowerShell with New-WebServicePro

33:00 Showing how we could have enumerated services from our first shell

Mouse disappearing in Kali? Fix it 2026 (VMWare Workstation Pro)