Yes please make a video of a box rebuild! 👍
Thanks Ippsec
Very insightful box! Thank you!
Hi! Could you make a video about how you rebuild your box? We all have our own way I guess
I second this request.
third
I think it's a pwnbox from HTB
There is also a way to exploit the seprivilege with potato
Good Video!
great video, also a box rebuild video would be awesome
This is literally the best machine so far
that tmux situation got clearly out of hand at some point 😆
the goat! :)
Around the 20 minute mark - my brain exploded. I'm starting to question whether or not IPPSec is human or not. Are you an AI bro?
Nice job
I love ippsec
Nice
The real curl binary now lives in Windows/System32 if that makes things easier. Not sure what version of Windows they started doing that with though
thanks
What linux distro do you run for hacking? Kali?
This is Parrot OS HTB edition
Hi. Nice videos. I don't understand how you got an SMB connection by manipulating the RFI URL. What is happening at the URL ip/please/subscribe? I didn't understand this part of the video. The script only prints the content of a file. Can you explain it to me, please? Thank you very much.
I believe we try to make an SMB connection back to our attacker box, and when it tries to connect it gives the user name/hash and we capture the traffic with Responder. Since the one trying to make the connection is a service (svc_apache), we get those credentials. As far as I am aware, with AD stuff almost everything communicates with its user/hash combo.
Thanks, I learned a lot, like uploading desktop.ini and catching the response, but I'd still be stuck at the Kerberos appool part. Gotta try harder I guess. BTW please do a rebuild video!
Push!
Can someone please let me know why RunAsC is needed and can't just use PS credential Object?
Because the PS credential object works when you have a real terminal, so when you are connected through SSH, RDP, etc.
If you are using meterpreter or another kind of reverse shell it will not work because it is not "native"
what a brainfuck machine 🔥
Did you leak your public IP?
Do you use a VPN to connect to HTB besides the VPN they provide to connect to it? Like one to hide public IP
uh
Can I use potato in iis priv?
Hi Ippsec, I am testing one box and the ports that are open are 80, 443 and 3389. Ports 80 and 443 open the same web page and it's a login screen. I have run sqlmap and was able to enumerate the database name but not the tables; I'm getting some errors. I brute-forced directories but found nothing interesting, and also ran a brute force against 3389 but no luck.
Can you please provide any inputs?
Do you have some minutes for me to talk to you about our lord and savior exegol?
What's going on, my politically incorrect racial epithets, it's ya boy Ippsec
How was this box seriously rated as hard? 😂🙈