This video is about Pivotapi, a 50-point Windows machine on HackTheBox.
Topics:
• Document Metadata
• ASREPRoasting
• Searching SYSVOL
• Dynamic Analysis with Procmon & API Monitor
• MSSQL & xp_cmdshell
• Getting access via SSH
• Bloodhound & Generic All
• Bloodhound & ForceChangePassword
• Account Operators & LAPS
• Unintended Solutions: SeImpersonate & SeManageVolume
[ Discord ]
https://discord.gg/vulnlab
[ Timestamps ]
00:00 Intro
00:20 Enumeration Part I
01:14 Metadata, ASREPRoasting & SYSVOL
04:53 Reversing Part I
09:07 MSSQL
14:52 Keepass & SSH
16:19 Enumeration Part II
19:54 Generic All/Targeted Kerberoast
24:29 Reversing Part II
27:20 ForceChangePassword & LAPS
31:31 Unintended Solutions
[ Notes & Links ]
• https://www.hackthebox.eu/
[ Desktop ]
• https://github.com/xct/kali-clean
• Wallpaper: https://www.yuumeiart.com/
[ About ]
• https://vulndev.io
• https://twitter.com/xct_de
• https://github.com/xct
• https://vulnlab.com
This is purely educational content - all practical work is done in environments that allow and encourage offensive security training.
