Скачать или смотреть Signed Hack The Box | Silver Ticket | OPENROWSET BULK | CVE-2025-33073 | Ligolo Pivot | Season 09

Signed Hack The Box | Silver Ticket | OPENROWSET BULK | CVE-2025-33073 | Ligolo Pivot | Season 09

Скачать Signed Hack The Box | Silver Ticket | OPENROWSET BULK | CVE-2025-33073 | Ligolo Pivot | Season 09 бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно Signed Hack The Box | Silver Ticket | OPENROWSET BULK | CVE-2025-33073 | Ligolo Pivot | Season 09 или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку Signed Hack The Box | Silver Ticket | OPENROWSET BULK | CVE-2025-33073 | Ligolo Pivot | Season 09 бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео Signed Hack The Box | Silver Ticket | OPENROWSET BULK | CVE-2025-33073 | Ligolo Pivot | Season 09

Signed - Hack The Box (Medium | Windows | Season 9)

In this walkthrough, we tackle the "Signed" machine from Hack The Box — a Windows Domain Controller with only MSSQL (port 1433) exposed. We escalate from a low-privilege SQL login to SYSTEM through Silver Ticket forgery and CVE-2025-33073 NTLM reflection.

🔹 Attack Path Overview:
━━━━━━━━━━━━━━━━━━━━━━
• Foothold: MSSQL access with provided credentials (scott)
• Credential Capture: xp_dirtree + Responder → mssqlsvc NTLMv2 hash
• Privilege Escalation: Silver Ticket forging to claim MSSQL sysadmin (SIGNED\IT group)
• User Flag: xp_cmdshell as mssqlsvc service account
• Root Flag (Unintended): OPENROWSET(BULK) with elevated Kerberos ticket (Domain Admins group)
• Root Flag (Intended): Ligolo tunnel + CVE-2025-33073 NTLM reflection → relay to WinRM → SYSTEM shell

🔹 Techniques Covered:
━━━━━━━━━━━━━━━━━━━━━━
• MSSQL enumeration methodology (enum_logins, enum_impersonate, enum_links, enum_db)
• NetNTLMv2 hash capture via xp_dirtree + Responder
• Kerberos Silver Ticket forgery with custom group memberships
• Kerberos clock skew troubleshooting
• OPENROWSET(BULK) / BULK INSERT for file reading
• Ligolo-ng reverse tunneling (agent upload via MSSQL)
• CVE-2025-33073: NTLM reflection bypass via marshalled target information
• SMB coercion (DFSCoerce, PetitPotam, PrinterBug) + NTLM relay to WinRM

🔹 CVEs Exploited:
━━━━━━━━━━━━━━━━━━
• CVE-2025-33073 — NTLM Reflection bypass using marshalled target info in crafted DNS hostnames

🔹 Tools Used:
━━━━━━━━━━━━━━
• Nmap, Impacket (mssqlclient, ticketer, ntlmrelayx), Responder, Hashcat
• Ligolo-ng (proxy + agent), krbrelayx (dnstool.py), NetExec (nxc), coerce_plus

🔹 References:
━━━━━━━━━━━━━━
• Synacktiv CVE-2025-33073: https://www.synacktiv.com/en/publicat...
• Zero Networks: https://zeronetworks.com/blog/examini...
• Machine: https://app.hackthebox.com/machines/775

⚠️ Disclaimer: This video is for educational purposes only. Always obtain proper authorization before testing. Do not use these techniques
against systems you do not own or have explicit permission to test.

#chatgpt HackTheBox #CTF #OSCP #Pentesting #ActiveDirectory #Kerberos #SilverTicket #MSSQL #NTLMRelay #CVE202533073 #Windows #PrivilegeEscalation
#0xdtc #InfoSec #CyberSecurity #EthicalHacking #HTB #redteam

Комментарии

Информация по комментариям в разработке