HackTheBox - Napper

00:00 - Introduction
00:55 - Start of nmap, showing -vv will cause the output to contain TTL
04:40 - Checking out the website
05:23 - Doing a VHOST Bruteforce to discover the internal domain and discovering credentials on a blog post
07:30 - Checking out the NAPListener blog post, which gives us a way to enumerate for the NAPLISTENER Implant
10:30 - Showing the Backdoor code to discover how it works
12:30 - Building a DotNet Reverse Shell and renaming the method to Run, then using Mono (mcs) to compile
14:45 - Converting the DLL to base64 and getting NAPLISTENER to execute it
19:20 - Discovering a draft blog post talking about them getting rid of LAPS and building a custom solution that uses Elastic
24:00 - Setting up a tunnel with Chisel so we can talk to Elastic
25:55 - Using curl to enumerate Elastic
30:20 - Reversing the Golang binary with Ghidra
42:30 - Creating a Golang Binary to grab a document (seed), then using search to grab the blob, and decrypting it with AES-CFB
47:30 - Connecting to Elastic, using a Proxy
56:00 - Grabbing the Seed with the Golang Elastic Library
1:03:00 - Grabbing the Blob with Golang Elastic Library
1:09:45 - Using the Seed to generate our 16 byte key
1:13:53 - Creating a decrypt function
1:16:30 - Getting the PlainText then using RunasCS to get a reverse shell as the Backup User, which is administrator

Comments: 20

  • @ClemensGooooo
    26 days ago

    Amazing that you provide such writeups, it’s pretty helpful to get the mindset for CTFs

  • @boogieman97
    27 days ago

    Hey Ippsec, I really adore these types of boxes as a M4lware Analyst / reverse engineer. I thought initially this one was created by 0xdf. Do you know if HTB will ever have a similar kinda platform focussed on solely mal ware analysis / reverse engineering?

  • @xcx557
    27 days ago

    First one is me, thank you so much ippsec for this information

  • @george___43
    27 days ago

    I was waiting for this video. I was like “Wait….. no video” It's Sunday but then I was like no it's Saturday. I just have to wait :)

  • @Heisenberg696
    26 days ago

    What do you do when you get stuck at some point?

  • @AUBCodeII
    27 days ago

    Ippy faces everywhere, humble Ipps without temptation

  • @darshanakhare6676
    27 days ago

    Hey how did you enable Line number in vim?

  • @apeologists
    27 days ago

    You can go into command mode (press Esc) and type in “:set number” or just “:set nu”. To turn it off, do the command “:set nonumber” or “:set nonu”. If you want to toggle between the two you can also do “:set number!” or “:set nu!”

  • @darshanakhare6676
    27 days ago

    @apeologists Do I have to do it every time to turn it on? Or just once?

  • @darshanakhare6676
    27 days ago

    I did vimtutor and I need to do it every time

  • @apeologists
    27 days ago

    @darshanakhare6676 you can edit your .vimrc file to make it persist

  • @AUBCodeII
    27 days ago

    @darshanakhare6676 you can include the line "set number" in your ~/.vimrc file. Then you'll have numbered lines every time you start up vim

  • @tg7943
    26 days ago

    Push!

  • @sollybrown8217
    27 days ago

    unique butt fun.

  • @sollybrown8217
    27 days ago

    unique butt fun box

  • @NatteeSetobol
    18 days ago

    I want to try to code this in Python because Go isn't working on my laptop, but I'm afraid Python's random.seed() will produce something different, we will see! It should be the same since the algorithm is the same, right?

  • @ippsec
    18 days ago

    Nope, the seed will likely be different. Every language performs seed differently.

  • @NatteeSetobol
    18 days ago

    @ippsec Aww that sucks =(

  • @sotecluxan4221
    26 days ago