HackTheBox - Authority

00:00 - Introduction
00:58 - Start of nmap
03:30 - Taking a look at the website
05:50 - Using NetExec to search for file shares and discovering the Development share is open. Using smbclient to download everything
08:00 - Exploring the Ansible Playbooks in the Development Share to discover encrypted passwords (ansible vault)
10:00 - Converting the Ansible Vault Hashes to John/Hashcat format so we can crack them
13:30 - Decrypting the values and getting some passwords, one of which lets us log into PWM (webapp)
19:50 - Adding a rogue LDAP server to the PWM config; clicking "test config" then makes PWM send the password for its LDAP account to our server
27:00 - Running Certipy to find the server is vulnerable to ESC1; we just need to enroll a computer account
28:00 - Using NetExec to show the MachineAccountQuota, confirming we can add computer accounts to the domain
29:00 - Using Impacket to add a rogue computer account
30:00 - Using Certipy to perform the ESC1 attack; it works, but smart card (PKINIT) logon isn't set up on the DC, so we can't log in with the certificate right away
33:30 - Looking at the error message and finding we can PassTheCert to LDAP instead, which lets us get admin
37:15 - Using PassTheCert to add ourselves to the Domain Admins group
39:25 - Showing PassTheCert's set_rbcd, which configures resource-based constrained delegation so our rogue computer can request Kerberos service tickets as the administrator, letting us impersonate them

Comments: 23

  • @neffisback9729
    6 months ago

    Awesome video :)

  • @pranav9068
    5 months ago

    You could actually add a property to store passwords in clear text in the config file and save it. The next time you download the config you get it in clear text. You could then WinRM to the server using those creds. Cool alternate way.

  • @snewit3
    6 months ago

    @10:18 - I really wish I'd known about this before I spent so much time trying to manually edit these to a supported format... It's always a combination of awesome and humiliating going through and watching boxes I've already done, but I always learn something, so thanks for the walkthroughs. After watching the whole video, and not just the part that new users should be learning, I feel even dumber, but it's motivating me to improve myself.
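For the conversion at 10:00 that @snewit3 is talking about: an Ansible Vault AES256 blob is just a header line followed by hex, and that hex decodes to three hex strings separated by newlines: salt, HMAC-SHA256 tag, ciphertext. John's ansible2john.py and hashcat mode 16900 both consume the line `$ansible$0*0*<salt>*<ciphertext>*<hmac>`, and a candidate password is tested the way the crackers do it: PBKDF2-HMAC-SHA256 with 10000 rounds yields 80 bytes (AES key, HMAC key, IV), and only the HMAC over the ciphertext is recomputed, so no decryption is ever needed. The block below is an added example, not code from the video, from John or from Ansible: a converter that accepts the blob as it appears inline in a playbook (indented under `!vault |`), a checker that does what the crackers do, and a tiny wordlist loop. The sample vault is constructed: the "ciphertext" is an arbitrary byte string standing in for real AES-256-CTR output, but the salt, key derivation and HMAC are exactly those of the 1.1 format, so the password Welcome1 verifies against it.

```python
import binascii
import hashlib
import hmac

PBKDF2_ROUNDS = 10000  # fixed by Ansible's VaultAES256
DERIVED_LEN = 80       # 32-byte AES-256 key | 32-byte HMAC key | 16-byte CTR IV

def parse_vault(text):
    """Split an AES256 vault blob (header line + hex body, possibly indented under
    '!vault |' in YAML) into (salt, hmac_digest, ciphertext) as bytes."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    fields = lines[0].split(";")
    if fields[0] != "$ANSIBLE_VAULT" or len(fields) < 3 or fields[2] != "AES256":
        raise ValueError("not an AES256 Ansible Vault blob: %s" % lines[0])
    # The body hex-decodes to three hex strings separated by '\n': salt, hmac, ciphertext.
    salt_hex, mac_hex, ct_hex = binascii.unhexlify("".join(lines[1:])).split(b"\n")
    return binascii.unhexlify(salt_hex), binascii.unhexlify(mac_hex), binascii.unhexlify(ct_hex)

def to_john_format(text):
    """The $ansible$ line john's ansible2john.py emits and hashcat mode 16900 reads."""
    salt, mac, ct = parse_vault(text)
    return "$ansible$0*0*%s*%s*%s" % (salt.hex(), ct.hex(), mac.hex())

def derive_keys(password, salt):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS, DERIVED_LEN)
    return dk[:32], dk[32:64], dk[64:]

def check_password(text, candidate):
    """What the crackers do per candidate: derive keys, recompute HMAC-SHA256(key2, ciphertext)."""
    salt, mac, ct = parse_vault(text)
    _aes_key, mac_key, _iv = derive_keys(candidate, salt)
    return hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), mac)

def crack(text, wordlist):
    """First word in the list that verifies, or None."""
    return next((w for w in wordlist if check_password(text, w)), None)

def build_vault(password, ciphertext, salt):
    """Wrap an already-encrypted ciphertext in the 1.1 envelope. Used here only to build a
    fixture; a real vault's ciphertext comes from AES-256-CTR under the derived key and IV."""
    _aes_key, mac_key, _iv = derive_keys(password, salt)
    mac = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    body = b"\n".join([salt.hex().encode(), mac.hex().encode(), ciphertext.hex().encode()]).hex()
    return "$ANSIBLE_VAULT;1.1;AES256\n" + "\n".join(body[i:i + 80] for i in range(0, len(body), 80))

# Constructed sample vault: fixed salt, stand-in ciphertext bytes, password "Welcome1".
SAMPLE_SALT = bytes(range(32))
SAMPLE_CT = b"stand-in bytes, not real AES-CTR output"
SAMPLE_VAULT = build_vault("Welcome1", SAMPLE_CT, SAMPLE_SALT)

if __name__ == "__main__":
    print(to_john_format(SAMPLE_VAULT))                            # feed this line to john/hashcat
    print(crack(SAMPLE_VAULT, ["password", "Welcome1", "admin"]))  # Welcome1
```

For a playbook with several vaulted values, run to_john_format once per blob and write one line each; hashcat takes the bare `$ansible$...` line, while john is happy with either the bare line or the `label:$ansible$...` form that ansible2john.py prints. The pure-Python check_password loop is only for understanding or for a handful of candidates; at 10000 PBKDF2 rounds per guess, anything resembling a wordlist belongs in hashcat.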

  • @domenicogigante4095
    6 months ago

    Awesome box! I realized that I know nothing about Windows machines along with the "final goal" an attacker may have in this kind of CTFs. Is there any resource to start learning? I mean, I have no idea why ippsec did that sequence of steps starting from 37:16

  • @qqqPL
    6 months ago

    If you hate copying out of vim, you can use the set mouse= option to make it stop going into visual mode when selecting something with a mouse

  • @sebahattinsahin8018
    6 months ago

    Great demo as always! Would a golden ticket also work here? Wasn't able to do it in a test lab and wonder if it's know-how related or simply not possible because of a fully patched DC

  • @ippsec
    6 months ago

    Golden ticket is not patched. You would be able to do it with the KRBTGT you get after set_rbcd. I don't think you can get KRBTGT prior to doing a secretsdump in this scenario.

  • @T-FLAG
    6 months ago

    the certipy -ad is giving me an error

  • @kalidsherefuddin
    6 months ago

    Thanks for

  • @tg7943
    6 months ago

    Push!

  • @oooohhhhkkkkk
    1 day ago

    bro can you make the font size bigger or zoom in for the whole video, because for me it's hard to read that text

  • @lilnice5187
    6 months ago

    When running the certipy command to get my cert..i get an error ''DCE RPC fault status code: 00000721'' anybody knows how to fix that?

  • @AUBCodeII
    5 months ago

    I believe there's a service regularly deleting the computers created on the domain, similar to a cron job on Linux, just to avoid having to reset the machine every time 10 computers are created on the domain. I created the computer and immediately ran certipy to get the certificate and it worked

  • @lilnice5187
    5 months ago

    @@AUBCodeII yup worked for me as well

  • @tntxqx8281
    6 months ago

    missing your videos bro :(

  • @ippsec
    6 months ago

    Videos still happen weekly, not sure what you mean.

  • @AUBCodeII
    6 months ago

    @@ippsec maybe he means the extra videos that you occasionally drop

  • @RISE_BEFORE_YOU_DIE
    6 months ago

    Add To Playlist Please 😊

  • @AUBCodeII
    6 months ago

    class Ipp():
        def __init__(self):
            self.name = 'IppSec'
            self.age = 'More than 0 but less than 100'
            self.likes = ['Hack The Box', 'SpongeBob Squarepants', 'The Eric Andre Show', 'South Park',
                          'Grand Theft Auto VI', 'Alice In Chains - Frogs', 'Pepe The Frog', 'Marty Friedman']

        def backdoor(self, cmd: list):
            return subprocess.check_output(cmd)

        def think(self):
            return 'Let\'s see...'

        def solve_problem(self):
            return 'There we go.'

        def ask_for_subscribers(self):
            return 'Please subscribe.'

        def greet(self, box):
            return f'What\'s going on YouTube, this is {self.name} and we\'re doing {box} from Hack The Box.'

        def say_goodbye(self):
            return f'Hope you guys enjoyed the video, take care, and I will see you all next time.'

  • @TidyDawg
    6 months ago

    Traceback (most recent call last):
      File "your_script.py", line X, in <module>
        class Ipp():
      File "your_script.py", line Y, in Ipp
        return subprocess.check_output(cmd)
    NameError: name 'subprocess' is not defined

  • @AUBCodeII
    6 months ago

    @@TidyDawg you gotta import the subprocess library bro

  • @TidyDawg
    6 months ago

    @@AUBCodeII yup, I typed out the error because I have no life

  • @AUBCodeII
    6 months ago

    @@TidyDawg lol neither do I