Myvideo

Guest

Login

HackTheBox - Aero

Uploaded By: Myvideo
13 views
0
0 votes
0

00:00 - Introduction 00:56 - Start of nmap 04:20 - Looking for Windows Exploits around Themes and discovering ThemeBleed (CVE-2023-38146) 06:30 - Creating a DLL that exports VerifyThemeVersion and then compiling from Linux 10:50 - Showing the exports of the DLL to confirm it is there, then hiding the ReverseShell export 12:30 - Testing our DLL from our windows computer 13:30 - Creating the malicious Windows Theme 17:20 - Setting up a SOCAT forward to send port 445 from our linux box to our Windows Box 19:20 - Updating the IP Address in our DLL and then getting a shell 22:10 - Downloading the PDF by converting it to base64 and then copy and pasting it to our box 23:45 - Researching CVE-2023-28252, which is a Windows Local Privesc in the Common Log File System (CLFS) and patched back in April 2023 26:30 - Opening the CLFS Exploit up in Visual Studio and placing a Powershell Web Cradle to send a reverse shell and getting Root 32:30 - Beyond root: Changing up the DLL we used fo

Share with your friends

Link:

Embed:

Video Size:

Custom size:

x

Add to Playlist:

Favorites
My Playlist
Watch Later