Скачать с ютуб Intelligence - HacktheBox (OSCP Prep) - TJ Nulls в хорошем качестве

Intelligence - HacktheBox (OSCP Prep) - TJ Nulls

Intelligence is a medium difficulty Windows machine that showcases a number of common attacks in an Active Directory environment. After retrieving internal PDF documents stored on the web server (by bruteforcing a common naming scheme) and inspecting their contents and metadata, which reveal a default password and a list of potential AD users, password spraying leads to the discovery of a valid user account, granting initial foothold on the system. A scheduled PowerShell script that sends authenticated requests to web servers based on their hostname is discovered; by adding a custom DNS record, it is possible to force a request that can be intercepted to capture the hash of a second user, which is easily crackable. This user is allowed to read the password of a group managed service account, which in turn has constrained delegation access to the domain controller, resulting in a shell with administrative privileges. Skills Required - Enumeration Password spraying Password cracking Basic Active Directory knowledge ------------------ Skills Learned Source Code Review ADIDNS abuse ReadGMSAPassword abuse Constrained delegation abuse ------------------ Tools - manual enumeration - netexec - powershell - bloodhound - bloodhound-python - neo4j ------------------ Certifications: Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/ Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/ Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/ Certified Ethical Hacker (CEH): EC-Council -------------------- Socials: Tryhackme: https://tryhackme.com/p/NoxLumens Hackthebox: https://app.hackthebox.com/profile/17... Twitch:   / noxlumens