HackTheBox - Manager

00:00 - Introduction
01:00 - Start of Nmap
03:20 - Checking out the website, deciding there isn't much of interest here
05:10 - Running Kerbrute with a userlist to identify valid users
05:50 - Showing what Kerbrute is doing with NetExec
09:00 - A better way to enumerate valid users, RID Bruteforce, showing it with NetExec
10:50 - Using RPCClient to show how RID Bruteforce works
14:00 - Using NetExec to bruteforce users with the password of their username
17:55 - Showing off the NetExec Database
19:30 - Switching over to testing accounts for MSSQL Access with NetExec
21:20 - Using Impacket's MSSQLClient to access the MSSQL Server and running XP_DIRTREE to find a backup on the webserver
23:20 - Finding a credential for Raven in the backup file
26:50 - Using Certipy to find out the server is vulnerable to ADCS ESC7, then exploiting it
