Brady McLaughlin
WebClient Abuse with Shadow Credentials
Sorry I said "um" almost a million times in this recording. Not used to moving so many things from one screen to another and narrating at the same time. I'll work on it :)
This is a demonstration of abusing the WebClient service resulting in shadow credentials being created for a machine account, and eventually the compromise of the machine. The cool thing here is that as long as the machine is running the WebClient service, all we need to escalate privileges on this computer is any domain account. Credit to @alh4zr3d3 for the idea and much of the tradecraft here: x.com/Alh4zr3d/status/1767211616670499154.
Toolset:
netexec (apt)
python3-impacket (apt)
krbrelayx (github.com/dirkjanm/krbrelayx)
PKINITtools (github.com/dirkjanm/PKINITtools)
Prerequisites for shadow credentials according to HackTricks:
book.hacktricks.xyz/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials#requirements
Views: 145

Videos

CyberLens (TryHackMe) Walkthrough
438 views, 2 months ago
This is a video walkthrough of the writeup I made for CyberLabs, the newest Challenge Room on TryHackMe. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/CyberLens (TryHackMe) Writeup/writeup.md Check out CyberLens on TryHackMe: tryhackme.com/r/room/cyberlensp6 Check out the Rhino Security Labs article about this vulnerability here: rhinosecuritylabs.com/application-secur...
Blogger (Proving Grounds Play) Walkthrough
73 views, 3 months ago
This is a video walkthrough of the writeup I made for Blogger on OffSec's Proving Grounds platform. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/Blogger (Proving Grounds) Writeup/writeup.md Got a slightly better mic placement this time, and remembered to make my terminal font bigger so that text can be seen better in the video. Hopefully next time I can make some clea...
Querier (Hack the Box) Walkthrough
49 views, 5 months ago
This is a video walkthrough of the writeup I made for Querier on Hack the Box. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/Querier (Hack the Box) Writeup/writeup.md Still new to this, so apologies for the audio trailing off at times- I was trying to suppress my noisy keyboard :) Hopefully I'll get better at making these as I record a few more. I'll also definitely be...

COMMENTS

  • @ohmsohmsohms 9 days ago

    nice :)

  • @user-wf1bw3og4c 13 days ago

    Very informative video thank you

  • @disastrousduckling 27 days ago

    nice !

  • @ratrace1703 2 months ago

    thanks

    • @bradyjmcl 1 month ago

      No prob, thanks for watching!

  • @xploitbinary 2 months ago

    where do I get this powerup.ps1? is that from github?

  • @aminnayani1620 2 months ago

    great video man, how did u learn the basics of this?

    • @bradyjmcl 2 months ago

      Thank you! I discovered TryHackMe early in my IT career and started learning the basics from there. Since then, I've branched out to training from other vendors like TCM Security and OffSec, but I still firmly believe that you could learn all the basics you need from TryHackMe and Google.

    • @aminnayani1620 2 months ago

      @bradyjmcl is it possible to have a playlist of the basics that you learned? 1. The way that you set up the listener, the tool that you used in the video. 2. A little bit of nmap scan results. What you look for, what is interesting in the output. 3. Your recommendation on reading and basic rooms in tryhackme or any other platform. Your reply would be highly appreciated

    • @bradyjmcl 2 months ago

      @aminnayani1620 check out ua-cam.com/video/3FNYvj2U0HM/v-deo.htmlsi=cyi5HNkjrG9CCjfk. This is a great (free!) course to get you started, from almost zero to basically functional.

  • @TylerRamsbey 2 months ago

    Great work!!