In this video I showcase a full walkthrough of the Active machine provided by the Hack The Box platform.
By doing full htb walkthroughs we will be able to put into practice what we discussed in the OSCP guide.
-------------------------
TIMESTAMP
00:00 Introduction
00:54 Nmap scans
03:50 Active Directory services
06:18 SMB anonymous enumeration
09:30 Enumerating SMB (smbclient, crackmapexec, smbget)
18:50 Group Policy Preferences (GPP)
25:21 Decrypt GPP password with Microsoft key
34:11 Authenticating to the domain with SVC_TGS
36:03 User flag
37:00 Kerberoasting Administrator password
34:11 Authenticating to the domain with Administrator
44:27 Obtaining a shell through PsExec
-------------------------
RESOURCES
- Material: https://github.com/LeonardoE95/yt-en/tree/main/src/2024-01-05-htb-active-walkthrough
- Article on GPP: https://adsecurity.org/?p=2288
- Microsoft AES-key: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gppref/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be?redirectedfrom=MSDN
-------------------------
CONTACTS
- Technical blog: https://blog.leonardotamiano.xyz/
- Github: https://github.com/LeonardoE95?tab=repositories
- Support my work: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ
