HackTheBox - Manager
00:00 - Introduction
01:00 - Start of Nmap
03:20 - Checking out the website, deciding there isn't much of interest here
05:10 - Running Kerbrute with a userlist to identify valid users
05:50 - Showing what Kerbrute is doing with NetExec
09:00 - A better way to enumerate valid users, RID Bruteforce, showing it with NetExec
10:50 - Using RPCClient to show how RID Bruteforce works
14:00 - Using NetExec to bruteforce users with the password of their username
17:55 - Showing off the NetExec Database
19:30 - Switching over to testing accounts for MSSQL Access with NetExec
21:20 - Using Impacket's MSSQLClient to access the MSSQL Server and running XP_DIRTREE to find a backup on the webserver
23:20 - Finding a credential for Raven in the backup file
26:50 - Using Certipy to find out the server is exploitable to ADCS ESC7, then exploiting it
Watch video HackTheBox - Manager online without registration, duration hours minute second in high quality. This video was added by user IppSec 16 March 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 12,251 once and liked it 414 people.