HackTheBox - Jab
00:00 - Introduction
01:00 - Start of nmap
04:25 - Opening Pidgin to register with the Jabber Server then look at chatrooms
10:15 - Opening the XMPP Console so we can copy users to build the username list
11:50 - Running Kerbrute against the users to get a few ASREP Roast Hashes
15:45 - Having issues cracking the hash, need to specify downgrade on kerbrute
19:30 - Running bloodhound with jmontgomery
21:00 - Logged into jabber with jmontgomery, discover a new chatroom which has creds to svc_openfire user
22:55 - Opening bloodhound to discover svc_openfire can ExecuteDCOM
27:30 - Modifying NXC to allow us to ExecuteDCOM without admin permissions
30:00 - Using impacket's DcomEXEC to get a shell on the box
34:55 - Forwarding port 9090 to our box so we can access the OpenFire management website
37:15 - Uploading a malicious plugin to the OpenFire service
Watch video HackTheBox - Jab online without registration, duration hours minute second in high quality. This video was added by user IppSec 29 June 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 11,580 once and liked it 329 people.