У нас вы можете посмотреть бесплатно Intelligence - HacktheBox (OSCP Prep) - TJ Nulls или скачать в максимальном доступном качестве, которое было загружено на ютуб. Для скачивания выберите вариант из формы ниже:
Если кнопки скачивания не
загрузились
НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если возникают проблемы со скачиванием, пожалуйста напишите в поддержку по адресу внизу
страницы.
Спасибо за использование сервиса savevideohd.ru
Intelligence is a medium difficulty Windows machine that showcases a number of common attacks in an Active Directory environment. After retrieving internal PDF documents stored on the web server (by bruteforcing a common naming scheme) and inspecting their contents and metadata, which reveal a default password and a list of potential AD users, password spraying leads to the discovery of a valid user account, granting initial foothold on the system. A scheduled PowerShell script that sends authenticated requests to web servers based on their hostname is discovered; by adding a custom DNS record, it is possible to force a request that can be intercepted to capture the hash of a second user, which is easily crackable. This user is allowed to read the password of a group managed service account, which in turn has constrained delegation access to the domain controller, resulting in a shell with administrative privileges. Skills Required - Enumeration Password spraying Password cracking Basic Active Directory knowledge ------------------ Skills Learned Source Code Review ADIDNS abuse ReadGMSAPassword abuse Constrained delegation abuse ------------------ Tools - manual enumeration - netexec - powershell - bloodhound - bloodhound-python - neo4j ------------------ Certifications: Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/ Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/ Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/ Certified Ethical Hacker (CEH): EC-Council -------------------- Socials: Tryhackme: https://tryhackme.com/p/NoxLumens Hackthebox: https://app.hackthebox.com/profile/17... Twitch: / noxlumens