HackTheBox - Analysis

00:00 - Introduction 01:05 - Start of nmap 05:00 - Discovering the internal.analysis.htb subdomain 07:55 - Talking about why I want to run FeroxBuster here and showing the menu so we can stop crawling non-interesting directories (ex: js, css, img) 13:30 - Discovering list.php in users and fuzzing parameters 16:40 - Start of program to bruteforce usernames 21:55 - Got the first character of every username, get the full name 29:00 - Discovering the script it vulnerable to LDAP Injection 31:50 - Converting our ldap username bruteforcer to exploit this ldap injection and exfil fields 41:00 - Talking about having to deal with wildcards in the field 50:10 - Completing the script 55:50 - Discovering we can upload PHP Scripts using the SOC Report page 1:00:30 - Reverse shell returned 1:01:45 - Creating a PHP Script to dump the database, we could pivot with chisel but we've done that 100 times before 1:09:00 - Discovering Snort runs every 2 minutes, talking abou tthe DynamicProcessor and how if we can upload a DLL we can get RCE as Admin 1:19:10 - Getting JDOE's password from HTTP Access Logs and the registry