Published By
Created On
15 Dec 2021 13:36:26 UTC
Transaction ID
Cost
Safe for Work
Free
Yes
CyberSecLabs - Weak - Windows [Walkthrough]
▶️ YouTube: https://www.youtube.com/c/PinkDraconian
? Twitter: https://twitter.com/PinkDraconian
? TikTok: https://www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
? Discord: PinkDraconian#9907
? Instagram: https://www.instagram.com/robbevanroey/
?️ Website: http://pinkdraconian.d4rkc0de.com/
?? HackTheBox: https://www.hackthebox.eu/home/users/profile/129531
Platform: CyberSecLabs
Platform Link: https://www.cyberseclabs.co.uk/
Category: Machine
OS: Windows
Challenge name: Weak
Difficulty: 1/10
00:00 Introduction
00:10 Nmap
00:40 Using files to connect to ftp anonymously
01:30 Checking if the webroot is actually the ftp share
02:30 Explain wappalyzer
03:00 Trying to upload php, it fails
04:00 Using an aspx web shell (SharPyShell)
05:40 Enumerating the Development directory, seeing credentials
06:40 Using crackmapexec to test password on users
07:20 Good login (PWNED) Using psexec.py to get RCE
...
https://www.youtube.com/watch?v=bVd_Z321Tw0
? Twitter: https://twitter.com/PinkDraconian
? TikTok: https://www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
? Discord: PinkDraconian#9907
? Instagram: https://www.instagram.com/robbevanroey/
?️ Website: http://pinkdraconian.d4rkc0de.com/
?? HackTheBox: https://www.hackthebox.eu/home/users/profile/129531
Platform: CyberSecLabs
Platform Link: https://www.cyberseclabs.co.uk/
Category: Machine
OS: Windows
Challenge name: Weak
Difficulty: 1/10
00:00 Introduction
00:10 Nmap
00:40 Using files to connect to ftp anonymously
01:30 Checking if the webroot is actually the ftp share
02:30 Explain wappalyzer
03:00 Trying to upload php, it fails
04:00 Using an aspx web shell (SharPyShell)
05:40 Enumerating the Development directory, seeing credentials
06:40 Using crackmapexec to test password on users
07:20 Good login (PWNED) Using psexec.py to get RCE
...
https://www.youtube.com/watch?v=bVd_Z321Tw0
Author
Content Type
Unspecified
video/mp4
Language
English
More from the publisher
Controlling
VIDEO
CYBER
cyberseclabs-fuel-linux-walkthrough
▶️ YouTube: https://www.youtube.com/c/PinkDraconian
? Twitter: https://twitter.com/PinkDraconian
? TikTok: https://www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
? Discord: PinkDraconian#9907
? Instagram: https://www.instagram.com/robbevanroey/
?️ Website: http://pinkdraconian.d4rkc0de.com/
?? HackTheBox: https://www.hackthebox.eu/home/users/profile/129531 Platform: CyberSecLabs
Platform Link: https://www.cyberseclabs.co.uk/
Category: Machine
OS: Linux
Challenge name: Fuel
Difficulty: 2/10
00:00 Introduction
00:15 Nmap scan
00:30 Fuel CMS, version 1.4 - Exploit
01:20 Looking into the Fuel CMS RCE exploit
01:40 URL decoding with CyberChef
02:00 Running the RCE, fixing errors
03:30 Getting RCE, finding the private RSA key to get SSH access
05:20 Checking the .bash_history file to find a plaintext password
06:00 Using the password to su to root
...
https://www.youtube.com/watch?v=cAVaHenL7s8
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
? #BU
bbr030222
? #BugBounty Recap ?
? February 3rd ⏰
@Zomato Subdomain Takeover by @moe1n1
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
WEB -
web-jwks-spoofing-flag-jokes-nahamcon
▶️ YouTube: https://www.youtube.com/c/PinkDraconian
? Twitter: https://twitter.com/PinkDraconian
? TikTok: https://www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
? Discord: PinkDraconian#9907
? Instagram: https://www.instagram.com/robbevanroey/
?️ Website: http://pinkdraconian.d4rkc0de.com/
?? HackTheBox: https://www.hackthebox.eu/home/users/profile/129531 CTF: NahamCon
CTF Link: https://ctf.nahamcon.com
CTFTime link: https://ctftime.org/event/1067
Category: Web
Challenge name: Flag Jokes
Description: Want to hear a joke? Want the flag? How about both? Why don't YOU tell me a joke!
Difficulty: 5/10
...
https://www.youtube.com/watch?v=KUyuvnez0ks
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
CYBER
cyberseclabs-boats-windows-walkthrough
▶️ YouTube: https://www.youtube.com/c/PinkDraconian
? Twitter: https://twitter.com/PinkDraconian
? TikTok: https://www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
? Discord: PinkDraconian#9907
? Instagram: https://www.instagram.com/robbevanroey/
?️ Website: http://pinkdraconian.d4rkc0de.com/
?? HackTheBox: https://www.hackthebox.eu/home/users/profile/129531 Twitter: https://twitter.com/PinkDraconian
Discord: PinkDraconian#9907
Website: http://pinkdraconian.d4rkc0de.com/
Platform: CyberSecLabs
Platform Link: https://www.cyberseclabs.co.uk/
Category: Machine
OS: Windows
Challenge name: Boats
Difficulty: 1/10
00:00 Introduction
00:12 Running nmap on the windows box
00:30 Running gobuster on port 80
01:00 Doing manual enumeration on port 80 whilst waiting for our automatic recon to finish
01:45 Looking at the output from gobuster and checking the phpmyadmin file
02:07 Checking out the open phpmyadmin portal
02:35 Using phpmyadmin to get a shell on the box through uploading php code with a sql query
03:40 Checking out hacktricks to look for a good reverse shell in windows, we decide to user certutil
04:40 Using msfvenom to create a reverse meterpreter binary
05:35 Uploading our binary with certutil and running it
06:55 Using metasploit to catch our reverse meterpreter shell with exploit/multi/handler
...
https://www.youtube.com/watch?v=TwmHAzu0AeY
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
? #BU
bbr300122
? #BugBounty Recap ?
? January 30th ⏰
@imgur Reflected XSS by whoami991
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
CRYPT
crypto-pretty-ridiculous-auctf
CTF: AUCTF
CTF Link: https://ctf.auburn.edu/
CTFTime link: https://ctftime.org/event/1020
Category: Crypto
Challenge name: Pretty Ridiculous
Description: Eve discovered that a piece of paper had been shoved into her pocket.. what could it be? The message she found can be downloaded at the following link:
(n,e) = (627585038806247, 65537)
https://drive.google.com/file/d/17z7C5i_TOx_838QNPbZvNCKW4DcPCaEF/view?usp=sharing
Difficulty: 2/10
Github with artefacts: https://github.com/PinkDraconian/CTF/tree/master/AUCTF/Pretty%20Rudiculous
...
https://www.youtube.com/watch?v=nyMiQR8Krik
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
CRYPT
crypto-shifty-shwoozy-auctf-walkthrough
CTF: AUCTF
CTF Link: https://ctf.auburn.edu/
CTFTime link: https://ctftime.org/event/1020
Category: Crypto
Challenge name: Shifty Shwoozy
Description: Eve woke up to this message after a really crazy night. Everything is shifted around. Can you figure out what it says?
You can download the message here: https://drive.google.com/file/d/1hshUoTtN5tgVjbpRNDujmBnKOJbJZcbS/view?usp=sharing
Difficulty: 4/10
...
https://www.youtube.com/watch?v=0rAAo79-MSk
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
? #BU
bbr270122
? #BugBounty Recap ?
? January 27th ⏰
@tiktok_us XSS by @404NF
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
CYBER
cyberseclabs-sync-active-directory
▶️ YouTube: https://www.youtube.com/c/PinkDraconian
? Patreon: https://www.patreon.com/PinkDraconian
? Twitter: https://twitter.com/PinkDraconian
? TikTok: https://www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
? Discord: PinkDraconian#9907
? Instagram: https://www.instagram.com/robbevanroey/
?️ Website: http://pinkdraconian.d4rkc0de.com/
?? HackTheBox: https://www.hackthebox.eu/home/users/profile/129531
? Reddit: https://www.reddit.com/user/PinkDraconian
☁️ Steam: https://steamcommunity.com/id/PinkDraconian
? GitHub: https://github.com/PinkDraconian
Platform: CyberSecLabs
Platform Link: https://www.cyberseclabs.co.uk/
Category: Machine
OS: Linux
Challenge name: Sync
Difficulty: 8/10
00:00 Introduction
00:15 Nmap scan
01:00 Looking at SMB
03:00 Looking at SMB Share directory permissions using smbcacls
08:00 NTLM_Theft and responder
13:50 BloodHound
18:30 Exploiting GenericWrite through ASREP roasting
24:10 DCSync attack
28:30 Outro
...
https://www.youtube.com/watch?v=ndBZSWKo54c
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English