Hack The Box - Flight
00:00 - Introduction
01:00 - Start of Nmap
03:00 - Playing with the web page, but everything is static doing a VHOST Bruteforce to discover
07:10 - Discovering the view parameter and suspecting File Disclosure, testing by including and seeing the source code
09:20 - Since this is a Windows, try to include a file off a SMB Share and steal the NTLMv2 Hash of the webserver then crack it
13:30 - Running CrackMapExec (CME) checking shares, doing a Spider_Plus to see the files in users
18:30 - Running CrackMapExec (CME) to create a list of users on the box then doing a password spray to discover a duplicate password
20:20 - Checking the shares with and discovering we can write to the Shared Directory
21:30 - Using NTLM_Theft to create a bunch of files that would attempt to steal NTLM Hashes of users when browsing to a directory getting ’s creds with
26:18 - can write to Web, dropping a reverse shell
29:30 - Reverse shell r
1 week ago 02:01:18 1
2 weeks ago 00:03:04 1
3 weeks ago 00:03:47 1
3 weeks ago 00:03:07 1
4 weeks ago 00:04:41 1
4 weeks ago 00:05:53 1
4 weeks ago 00:05:48 1
1 month ago 00:03:04 1
1 month ago 00:13:40 1
1 month ago 00:03:32 1
1 month ago 00:03:04 1
1 month ago 00:03:25 1
1 month ago 00:00:39 1
1 month ago 00:23:25 1
1 month ago 00:03:18 1
1 month ago 00:03:41 1
1 month ago 00:03:19 1
1 month ago 00:03:17 1
1 month ago 00:03:05 1
1 month ago 00:00:17 1
1 month ago 00:03:34 1
1 month ago 00:03:28 1
1 month ago 00:02:58 1
1 month ago 00:02:58 1
