Active Members Fi8sVrs Posted June 12, 2018 Active Members Report Share Posted June 12, 2018 (edited) Full Video: 02:08 - Begin of Recon 14:00 - XXE Detection on Fulcrum API 17:40 - XXE Get Files 23:40 - XXE File Retrieval Working 24:30 - Lets Code a Python WebServer to Aid in XXE Exploitation 39:45 - Combining XXE + SSRF (Server Side Request Forgery) to gain Code Execution 47:28 - Shell Returned + Go Over LinEnum 56:49 - Finding WebUser's Password and using WinRM to pivot 01:06:00 - Getting Shell via WinRM, finding LDAP Credentials 01:14:00 - Using PowerView to Enumerate AD Users 01:27:06 - Start of getting a Shell on FILE (TroubleShooting FW) 01:35:35 - Getting shell over TCP/53 on FILE 01:37:58 - Finding credentials on scripts in Active Directories NetLogon Share, then finding a way to execute code as the Domain Admin... Triple Hop Nightmare 01:58:10 - Troubleshooting the error correctly and getting Domain Admin! 02:03:54 - Begin of unintended method (Rooting the initial Linux Hop) 02:09:54 - Root Exploit Found 02:12:25 - Mounting the VMDK Files and accessing AD. Edited June 13, 2018 by OKQL 1 Quote Link to comment Share on other sites More sharing options...
