Intelligence - HacktheBox (OSCP Prep) - TJ Nulls
- Published 14 Mar 2024
- Intelligence is a medium difficulty Windows machine that showcases a number of common attacks in an Active Directory environment. After retrieving internal PDF documents stored on the web server (by bruteforcing a common naming scheme) and inspecting their contents and metadata, which reveal a default password and a list of potential AD users, password spraying leads to the discovery of a valid user account, granting initial foothold on the system. A scheduled PowerShell script that sends authenticated requests to web servers based on their hostname is discovered; by adding a custom DNS record, it is possible to force a request that can be intercepted to capture the hash of a second user, which is easily crackable. This user is allowed to read the password of a group managed service account, which in turn has constrained delegation access to the domain controller, resulting in a shell with administrative privileges.
Skills Required
- Enumeration
- Password spraying
- Password cracking
- Basic Active Directory knowledge
------------------
Skills Learned
- Source Code Review
- ADIDNS abuse
- ReadGMSAPassword abuse
- Constrained delegation abuse
------------------
Tools
- manual enumeration
- netexec
- powershell
- bloodhound
- bloodhound-python
- neo4j
------------------
Certifications:
Practical Network Penetration Tester (PNPT) : TCM Security - certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: tryhackme.com/p/NoxLumens
Hackthebox: app.hackthebox.com/profile/17...
Twitch: / noxlumens - Science and Technology
GG
If it’s a good GG, thank you! If it’s a bad GG, let me know what I messed up. I’m always looking to improve. 🙂
Good for sure! Loving these :) @noxlumens
Thank you @AuZZiExHD, your comment got stuck in 'held for review' for some reason. Sorry I didn't see it sooner. :)
The terminal font and style were a bit dim; I couldn't read the typed commands. Please change it if you have no issue with that.
Is it the dark purple in the terminal on '-la' type commands in the terminal window? If it's in Sublime I can definitely change it, and if it's Obsidian I'm sure I can fiddle with the CSS on the template. Also, thank you for the feedback. I definitely want the text to be visible.
Same great video though..but hard to read
@skriptak6308 I've updated my terminal, so in future videos it should be easier to read. Also, thank you.
Great, and please show us how you used ChatGPT for scripting.
This is the prompt I used to get the script from ChatGPT. You may get a different result, but with some testing you should be able to get the same result. You might even get the exact result it gave me.
My prompt:
I need a python script to search from date 2020-01-01 until 2023-01-01 and put it where the $date is in '10.10.10.10/Documents/$date-upload.pdf' then wget all requests that return a 200 response
My second prompt:
once complete i want the script to use exiftool to check for the creator tag
You can use variations of these prompts or once you give chatGPT the prompt and it responds, you can ask for 5 alternative ways to write the script.
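Seen from the web server's side, the date-based filename sweep described in the summary and in the prompt above leaves a recognisable trail in access logs: one client requesting many distinct dated filenames, most of which do not exist. The following detection sketch is an added example, not part of the video or the comments; it assumes Common Log Format lines, and the IP addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Path shape taken from the prompt quoted above: /Documents/<YYYY-MM-DD>-upload.pdf
DATED_DOC = re.compile(r"^/Documents/(\d{4}-\d{2}-\d{2})-upload\.pdf$")
# Assumption: Common Log Format. Captures client IP, request path, status code.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def find_date_sweeps(lines, min_dates=5, min_miss_ratio=0.5):
    """Flag clients that walk the dated-PDF namespace.

    A client is flagged when it requests at least min_dates distinct dated
    filenames and at least min_miss_ratio of those requests return 404.
    Both thresholds are illustrative assumptions, not tuned values.
    """
    dates, found, missed = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed line or a method other than GET/HEAD
        ip, path, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        doc = DATED_DOC.match(path)
        if not doc:
            continue  # not a dated document request
        dates[ip].add(doc.group(1))
        if status == 404:
            missed[ip] += 1
        else:
            found[ip] += 1  # any non-404 answer counts as a located file
    flagged = {}
    for ip, seen in dates.items():
        ratio = missed[ip] / (found[ip] + missed[ip])
        if len(seen) >= min_dates and ratio >= min_miss_ratio:
            flagged[ip] = {"distinct_dates": len(seen), "found": found[ip],
                           "miss_ratio": round(ratio, 2)}
    return flagged

def sample_log():
    """Constructed sample: one sweeping client and one ordinary reader."""
    row = '{ip} - - [02/Jan/2024:10:00:{s:02d} +0000] "GET {path} HTTP/1.1" {code} 512'
    lines = [row.format(ip="192.0.2.50", s=d, code=200 if d in (1, 4) else 404,
                        path=f"/Documents/2020-01-{d:02d}-upload.pdf") for d in range(1, 9)]
    lines.append(row.format(ip="198.51.100.7", s=30, code=200,
                            path="/Documents/2020-01-04-upload.pdf"))
    lines.append(row.format(ip="198.51.100.7", s=31, code=200, path="/index.html"))
    return lines

if __name__ == "__main__":
    print(find_date_sweeps(sample_log()))
```

A flagged client with a non-zero `found` count means the sweep located real documents, so those files are the ones to review for usernames and passwords in their contents and metadata.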