HackTheBox - Jeeves

EKGBskG8APc/default.jpg

01:19 - Begin of Enumeration
04:15 - Avoiding the Rabbit Hole on port 80 (IIS)
06:00 - Begin of Jenkins
09:00 - Using Jenkins Script Console (Groovy) to gain code execution
12:00 - Reverse TCP Shell via Nishang
17:00 - Reverse Shell returned. PowerSplit dev branch to find unintended privesc (Tokens)
22:20 - Powersploit's Invoke-AllChecks completes
24:20 - Finding Keepass Database using Impack-SMBServer to transfer files
27:00 - Cracking the KeePass Database
30:20 - Using KeePass2 to open database
34:25 - PassTheHash via pth-winexe to gain administrator shell
35:20 - Grabbing root.txt that is hidden via Alternate Data Streams (ADS)
### BOX DONE
39:00 - Using RottenPotato to escalate to root via MSF
41:00 - Using Unicorn to gain a reverse MSF SHell
45:20 - Performing the attack
48:00 - Impersonating Token to gain root
### Unintended Done. Rest of video is me failing around, may be useful?

Good Read: https://foxglovesecurity.com/2016/09/...
If you want to try Rotten Potato without MSF Read this: https://decoder.cloud/2017/12/23/the-...

EKGBskG8APc/default.jpg
HackTheBox - Jeeves HackTheBox - Jeeves Reviewed by Dump3R H3id3gg3R on May 19, 2018 Rating: 5