00:00:00 Start
00:00:10 Network Services
00:00:44 Install CrackMapExec
00:21:35 Password Mutations
00:25:28 Password Reuse
00:26:47 Attacking SAM
00:28:51 Attacking LSASS
00:32:30 Attacking AD & NTDS.dit
00:37:04 Credential Hunting in Windows
00:41:40 Credential Hunting in Linux
00:51:45 Passwd, Shadow & oPasswd
00:56:01 Pass The Hash (PtH)
01:08:19 Pass The Ticket (PtT) Windows
01:12:43 Pass The Ticket (PtT) Linux
01:24:37 Protected Files
01:26:06 Protected Archives
01:28:13 Password Attacks Lab - Easy
01:34:17 Password Attacks Lab - Medium
01:51:33 Password Attacks Lab - Hard

Password Attacks | Network Services | #Walkthrough #htb
+ Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.
+ Find the user for the SSH service and crack their password.....
+ Find the user for the RDP service and crack their password.....
+ Find the user for the SMB service and crack their password....

Password Attacks | Password Mutations | #Walkthrough #htb
+ Create a mutated wordlist using the files in the ZIP file under "Resources" in the top right corner of this section.......

Password Attacks | Password Reuse / Default Passwords | #Walkthrough #htb
+ Use the user's credentials we found in the previous section and find out the credentials for MySQL. Submit the credentials as the answer.

Password Attacks | Attacking SAM | #Walkthrough #htb
+ Where is the SAM database located in the Windows registry? (Format: ****\***)
+ Apply the concepts taught in this section to obtain the password to the ITbackdoor user account on the target. Submit the clear-text password as the answer.
+ Dump the LSA secrets on the target and discover the credentials stored. Submit the username and password as the answer. (Format: username:password, Case-Sensitive)

Password Attacks | Attacking LSASS | #Walkthrough #htb
+ What is the name of the executable file associated with the Local Security Authority Process?
+ Apply the concepts taught in this section to obtain the password to the Vendor user account on the target....

Password Attacks | Attacking AD & NTDS.dit | #Walkthrough #htb
+ What is the name of the file stored on a domain controller that contains the password hashes of all domain accounts? (Format: ****.***)
+ Submit the NT hash associated with the Administrator user from the example output in the section reading.
+ On an engagement you have gone on several social media sites and found the Inlanefreight employee names..
+ Capture the NTDS.dit file and dump the hashes. Use the techniques taught in this section to crack Jennifer Stapleton's password....

Password Attacks | Credential Hunting in Windows | #Walkthrough #htb
+ What password does Bob use to connect to the Switches via SSH? (Format: Case-Sensitive)
+ What is the GitLab access code Bob uses? (Format: Case-Sensitive)
+ What credentials does Bob use with WinSCP to connect to the file server? (Format: username:password, Case-Sensitive)
+ What is the default password of every newly created Inlanefreight Domain user account? (Format: Case-Sensitive)
+ What are the credentials to access the Edge-Router? (Format: username:password, Case-Sensitive)

Password Attacks | Credential Hunting in Linux | #Walkthrough #htb
+ Examine the target and find out the password of the user Will. Then, submit the password as the answer.

Password Attacks | Passwd, Shadow & Opasswd | #Walkthrough #htb
+ Examine the target using the credentials from the user Will and find out the password of the "root" user. Then, submit the password as the answer.

Password Attacks | Pass the Hash (PtH) | #Walkthrough #htb

Password Attacks | Pass the Ticket (PtT) from Windows | #Walkthrough #htb
+ Connect to the target machine using RDP and the provided creds. Export all tickets present on the computer....
+ Use john's TGT to perform a Pass the Ticket attack and connect to the DC01 using PowerShell Remoting. Read the flag from C:\john\john.txt

Password Attacks | Pass the Ticket (PtT) from Linux | #Walkthrough #htb

Password Attacks | Protected Files | #Walkthrough #htb
+ Use the cracked password of the user Kira and log in to the host and crack the "id_rsa" SSH key....

Password Attacks | Protected Archives | #Walkthrough #htb
+ Use the cracked password of the user Kira, log in to the host, and read the Notes.zip file containing the flag. Then, submit the flag as the answer.

Password Attacks | Password Attacks Lab - Easy | #Walkthrough #htb
Password Attacks | Password Attacks Lab - Medium | #Walkthrough #htb
Password Attacks | Password Attacks Lab - Hard| #Walkthrough #htb

свернуть