Wait, the sql_svc user under the service account context in xp_cmdshell has the SeImpersonatePrivivilege privilege I think that would be a simpler way, even so, the proposed form is interesting and a great contribution
It has, at the end although the user is still sql_svc the privileges are not the same as the winrm shell, since under the context of xp_cmdshell in mssql is like a service account (sorry for my translation from spanish xd)
My certify.exe is not running. The error is "Program 'Certify.exe' failed to run: The specified executable is not a valid application for this OS platform.At line:1 char:1"
I'm trying to replicate this I have a VM running win server, a win 10 and a kali vm, how are you. installing and running certify.exe? I tried via VS code but. it still doesn't seem to compile, is there a source I can .git or download it from?
Sir, Here why didnt you try bloodhound? Is it because you knew from previous enumerations that it results to nothing or is there anything else which i missed out?
27:25 I'm pretty sure you can actually just give it the .pfx for both certs and then it'll ask you for the password you set when making the pfx, in this case just blank.
Wait, the sql_svc user under the service account context in xp_cmdshell has the SeImpersonatePrivivilege privilege I think that would be a simpler way, even so, the proposed form is interesting and a great contribution
I don't believe it has SeImpersonate.
It has, at the end although the user is still sql_svc the privileges are not the same as the winrm shell, since under the context of xp_cmdshell in mssql is like a service account (sorry for my translation from spanish xd)
Ah yep you're right. It's probably possible to privesc that way.
My certify.exe is not running. The error is "Program 'Certify.exe' failed to run: The specified executable is not a valid application for this OS platform.At line:1 char:1"
Thank you ippsec. Greetings from 🇹🇷
Selamlar Mehmet. Siber güvenlik ile ilgileniyorsan tanışmak isterim
@@computerhackfusiontanışalım kardeşim. yusa.capraz senin hesabın galiba. aktif olarak kullanıyor musun?
🇬🇷 = ☑️💪👍
🇹🇷 = ❎ 👎🤬😠😠
@@RISE_BEFORE_YOU_GREECE What are you doing in the cyber security channel? ignorant.. 🤭😂
I'm trying to replicate this I have a VM running win server, a win 10 and a kali vm, how are you. installing and running certify.exe? I tried via VS code but. it still doesn't seem to compile, is there a source I can .git or download it from?
Sir, Here why didnt you try bloodhound? Is it because you knew from previous enumerations that it results to nothing or is there anything else which i missed out?
😢 I didn't understand a thing after 20:00 I am a noob at windows :(
Me too
the silver ticket attack is no longer working. I wonder if they made any changes on the box
yeah you are right i have the same issue
Every Saturday waiting for your video great videos
Why he talks with closed nose tho? It's annoying
@@wooshbait36 it is what it is
Wish I could fix it but it is a speech impediment, not something I intentionally do.
@@ippsec hii ippsec please make video how to learn like you and understand
Amazing box and amazing teachings!! really nice one..
love u dear sir from Pakistan.
Push!
You have a pay channel? This is news to me. Where is this channel located?
You just click Join on this channel.
@@ippsec This is why you are a legend.
Jodd!!
Do you have any channels you'd recommend for this quality of content and walkthroughs, but for THM?
Sorry, I don't have an idea.
@@ippsec I'm guessing you're not permitted to make content for THM either.
@@jojobobbubble5688 Even before when I did more platforms like VulnHub, I did not like THM.
Why not ? @@ippsec
i used evil-winrm to login after getting NTLM hash
"evil-winrm -i sequel.htb -u Administrator -H "NTLM hash"
27:25 I'm pretty sure you can actually just give it the .pfx for both certs and then it'll ask you for the password you set when making the pfx, in this case just blank.
I really want to learn how to build windows vuln box, can you teach ? Maybe this lesson is in private channel😊
Really thanks
I don’t really know how to teach this. Every vulnerable box is different depending on the paths you want to include.
I always miss you, when i teach every ethical hacker... i have puprle teamer name is ippsec sir..
Amazing !