HackTheBox Forest















http://youtube.com/watch?v=H9FcE_FMZio



00:00 - Intro
01:15 - Running NMAP and queuing a second nmap to do all ports
05:40 - Using LDAPSEARCH to extract information out of Active Directory
08:30 - Dumping user information from AD via LDAP, then creating a wordlist of users
12:10 - Creating a custom wordlist for password spraying with some bashfu and hashcat
18:30 - Using CrackMapExec to dump the password policy of Active Directory using a null authentication, then doing a Password Spray
22:00 - Enumerating information out of AD using rpcclient and null authentication
28:10 - Now that our PWSpray is running in the background, let's go through Impacket Scripts to see what works
29:30 - Using GetNPUsers to perform an ASREP Roast (Kerberos PreAuth) with Null Authentication to extract SVC-ALFRESCO's hash, then cracking it
36:20 - Using Evil-WinRM to get a shell on the box with SVC-ALFRESCO's credentials
37:30 - Setting up an SMB share, using New-PSDrive to mount the share, then running WinPEAS
42:20 - Going over WinPEAS Output
44:20 - Downloading BloodHound and the SharpHound Ingestor
48:50 - Importing the BloodHound Results and finding an AD Attack Path
52:10 - Going over the Account Operators Group (will allow us to create an account)
53:30 - Using Net User to create a new user, then adding it to the Exchange Group
58:40 - Downloading the PowerSploit Dev Branch to utilize the function Add-DomainObjectAcl
01:01:40 - Some basic troubleshooting when the command goes wrong, then giving ippsec the DCSync Rights
01:02:30 - Performing SecretsDump to perform a DCSync and extract hashes, then PSEXEC with Administrator to gain access
01:07:10 - Going over the --users option in hashcat so you can easily identify whose hash was cracked
01:10:43 - Using the KRBTGT Hash to perform the GoldenTicket attack from Linux
01:35:11 - Showing it worked. The issues were that we could not use IP addresses anywhere in the command and need the FQDN for the domain. Create entries in the hosts file if DNS is not there.









