Had a lot of fun with this one, always love seeing how you do things differently. The BloodHound idea was really great, I'll admit I just guessed based on the fact it was a support account. Great job!
lmfao @46:56. Dude I was laughing so hard watching this. I was like: "looks good to me....oh wait....." omg.... thanks for the videos ippsec. As a complete noob, I've learned a ton from you!
I've loved doing the box myself and then watching ippsec's walkthrough
You always make it seem easy lol! At the time of doing it, I didn't even think of doing this and that!
Exactly this...
Wonderful 🎉 An impressive approach. Well done ❤
Very good explanation!
the last column can be printed using $NF
#cat kerbrute-userenum.txt | grep -i black | awk {'print $NF'}
audit2020@blackfield
support@blackfield
svc_backup@blackfield
This is a very realistic attack approach, following the path of least resistance
I don't understand most of the stuff right now but keep on uploading! I'm sure I'll get to that level someday
Of course!
If you are following ippsec and you are a curious person, then you are definitely on the right path. 🖖🏼
After many weeks, still amazing work, but after watching one hour every week I feel like a foreigner in my terminal.
The great work
Also, can you please recommend us which your videos help us to do HTB offshore lab? I just bought it and it seems hard for me. Which boxes will help us do offshore?
Great explanation!
Amazing 👍
Got the svc_backup NTLM hash - Tried to crack it - Failed - Moved on.
Didn't think of passing it to login >_
That's a lot of work, man
I have a question. Why did you switch from Kali to Parrot OS? Is it because of some reason or is it just personal preference?
Crazy stuff
Why is it not blackfield.local instead of blackfield for -d in kerbrute? Thanks
Hi Ippsec, Just one doubt, I read that for winrm exploitation, port 5985, 5986 must be open in the remote host but I can't see any port open in your case but still you got pwned.
How? What am I missing?
It is always a good idea to perform a Full Port Scan with -p- option. You will see the Port is open.
Were the machine hashes invalidated? Can you just create silver tickets and skip the low-priv user?
informative :)
Also, isn't WinRM usually limited to administrators?
No need for admin, the user just needs to be in the Remote Management Users group
I watched this twice 💋💖😍
I watch this many times, thanks ippsec. Learned a lot from you
Not my topic, but well taught!
I think that enum4linux can give you the shares as well the users
It's possible, but I really hate that script. It's a bunch of perl that wraps around the rpc/smbclient commands I use but hasn't been updated for a long time.
No, it will not work
@ippsec cddmp's enum4linux is kinda updated, it's a python3 script. It does the same thing as the original enum4linux + some other features
Senpai
Thanks IppSec! BTW I searched ippsec.rocks for zero login but the video for Multimaster doesn't show up
Well, here is a link to the video. ruclips.net/video/iwR746pfTEc/видео.html
I see someone created a pull request on that website's GitHub page to include the videos after Fatty in the dataset! Literally 9 hours ago!
We shall have those videos searchable soon, oh yeeaaah!
I should learn how to do that 😂
@MoxResearcher yeah all good, I knew the video was just informing that the website cannot search for it yet, cheers.
Try out Vulnmachines labs
Hi
First Here 😁
😏
Lodu
Land sala
Yeah but you blinked.
Anyone going through this and wondering how to get round the "smb share only creating one folder" problem: in the smb.conf file, under your share options, add the line:
inherit permissions = yes
I mounted a share in the /mnt directory and had no issues with this 🤘
32:10 rpcclient -U support%#00^Blacknight 10.10.10.192
Use this if you don't want to keep typing the same password over and over again in a lab/CTF, but please note that the password will be visible in history. Don't use this in a real production environment.