HackTheBox – Office
00:00 – Introduction
01:00 – Start of nmap
02:00 – Testing the XAMPP PHP Vulnerability, which doesn’t work
06:20 – Getting the Joomla Version from the manifest, then exploiting CVE-2023-23752 to get the MySQL Password (same as Devvortex)
11:30 – Using Kerbrute to bruteforce valid usernames and then NetExec to spray the MySQL Password to get DWOLFE’s password
16:40 – Examining the PCAP on the FileShare then building a Kerberos Hash for ETYPE 18
22:30 – Logging into Joomla then getting a shell through editing a template
30:00 – Looking at the other VHOSTS on the box, discovering a site running on localhost
42:00 – Discovering an old version of LibreOffice, exploiting CVE-2023-2255 to get a shell
51:10 – Showing another way, since TSTARK can edit the registry to allow macros to run then just sending a malicious document
57:40 – Pillaging DPAPI with the RPC flag, since we don’t know the password and gained access to an interactive login
1:12:00 – We have the ability to edit GP as HHOGAN, using SharpGPOAbuse to create a local admin
by IppSec
Hey IppSec. Are you really always telling the same about nmap or do you have a script doing it? xD btw is there a reason why you put the flags -sC and -sV separately? I'm doing it with -sCV. Thanks for your videos and take care…
I wish I was half as good as him. You are a pro, keep it up
Relaxing this Sunday morning watching my favorite hacker before my first OSCP attempt in a couple hours.
FYI wget in PowerShell is an alias for the Invoke-WebRequest cmdlet.
Just Wowww..!
Very good video ippsec. Thank you.
Do you think making videos for PoCs?
Excellent as always, impressive. Good job dude!!!!!
I'm constantly amazed when I watch these videos and thinking "HOW DOES HE KNOW TO DO THAT?!?" Great stuff!!!
I'm watching every video of yours, and they are fantastic! I learn something new every time. Keep up the amazing work!
A new ippsec video nice!
Hey Ipp, do you go hard in the paint?
You best 🎉😂❤