HackTheBox - Sauna

00:00 - Intro
01:05 - Running Nmap
02:07 - Poking at SMB with CrackMapExec, SMBMap, and rpcclient and getting nothing (no null-session access)
04:15 - Checking out the web page
06:00 - Playing with user input in the website and getting an error "HTTP VERB used is not allowed"
08:20 - Copying names from the website
10:50 - Using some VIM/VI Magic (macro) to convert names into potential usernames
12:40 - Using Kerbrute to check which of the candidate usernames exist in the domain (it needs no credentials; the KDC's pre-auth error codes reveal whether a principal is valid)
16:00 - Running Impacket scripts and performing an AS-REP Roast: pulling an AS-REP, crackable offline, for an account that has Kerberos pre-authentication disabled
18:20 - Running GetNPUsers to get the hash for that user and then cracking the $krb5asrep$23$ hash with hashcat (mode 18200)
20:50 - Seeing a RICOH printer share and pulling EXIF data off the website's images to get an idea of whether it may be exploitable
23:10 - Using Evil-WinRM to log into the box as FSMITH and running WinPEAS to find the saved AutoLogon credentials
29:00 - Running BloodHound
34:25 - Identifying in BloodHound that svc_loanmgr holds the replication rights needed to perform a DCSync
35:40 - Running secretsdump with svc_loanmgr to perform a DCSync and dump the domain's NTLM hashes
37:45 - Performing a Pass The Hash with the administrator user using PSExec
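The step at 10:50 (turning the names scraped from the website into a username wordlist for Kerbrute) is done in the video with a vim macro. The script below is an added example, not IppSec's code or anything from the video: it generates the same kind of candidates as a reusable function, covering the usual AD naming conventions (flast, first.last, firstlast, f.last, ...) rather than a single one, and de-duplicates the result so Kerbrute does not hammer the KDC with repeats. The sample names are constructed; "Fergus Smith" is assumed here to be the full name behind the FSMITH account seen in the video, and the others are made up.

```python
"""Build an AD username wordlist from a list of full names (for kerbrute userenum).

Added example, not code from the video. Sample names are constructed; only the
assumption that FSMITH expands to "Fergus Smith" is taken from the box.
"""
import re
import sys
from typing import Iterable, List

# Constructed sample input. "Fergus Smith" is an assumed full name for FSMITH;
# the rest are made up and not related to the box.
SAMPLE_NAMES = [
    "Fergus Smith",
    "Mary-Jane O'Neil",
    "Hugo van Bear",
    "Prince",
]

_NON_ALPHA = re.compile(r"[^a-z]")


def _normalize(token: str) -> str:
    """Lower-case one name part and drop hyphens, apostrophes and other non-letters."""
    return _NON_ALPHA.sub("", token.lower())


def candidates(full_name: str) -> List[str]:
    """Return de-duplicated username candidates for one 'First [Middle] Last' name.

    The first and last whitespace-separated tokens are used; middle names and
    particles ("van", "de") are ignored. Patterns are ordered roughly by how
    often each convention shows up in AD, so early Kerbrute hits are the common ones.
    """
    parts = [p for p in (_normalize(t) for t in full_name.split()) if p]
    if not parts:
        return []
    first, last = parts[0], parts[-1]
    if len(parts) == 1:
        return [first]
    f, l = first[0], last[0]
    patterns = [
        f + last,            # fsmith
        f"{first}.{last}",   # fergus.smith
        first + last,        # fergussmith
        f"{f}.{last}",       # f.smith
        first + l,           # ferguss
        f"{first}_{last}",   # fergus_smith
        f"{first}-{last}",   # fergus-smith
        f"{last}.{first}",   # smith.fergus
        last + f,            # smithf
        l + first,           # sfergus
        first,               # fergus
        last,                # smith
    ]
    seen = set()
    out = []
    for p in patterns:
        if p not in seen:      # "Sam Sam" style names would otherwise repeat entries
            seen.add(p)
            out.append(p)
    return out


def build_wordlist(names: Iterable[str]) -> List[str]:
    """Candidates for every name, de-duplicated across names, in a stable order."""
    seen = set()
    out = []
    for name in names:
        for c in candidates(name):
            if c not in seen:
                seen.add(c)
                out.append(c)
    return out


def main() -> None:
    # Names come one per line from a file argument or stdin; fall back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            names = [ln.strip() for ln in fh if ln.strip()]
    elif not sys.stdin.isatty():
        names = [ln.strip() for ln in sys.stdin if ln.strip()]
    else:
        names = SAMPLE_NAMES
    print("\n".join(build_wordlist(names)))


if __name__ == "__main__":
    main()
```

Usage: `python3 make_users.py names.txt > users.txt`, then `kerbrute userenum -d <domain> --dc <dc-ip> users.txt`. Kerbrute only tells you which names exist; it does not by itself reveal which of them lack pre-authentication, which is what GetNPUsers then checks.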
Comments

Huge fan. I'm an Army veteran now in InfoSec and studying towards pentesting. Watching your speed and efficiency is mesmerizing.

ExploitSecurity

This channel is so underrated...damn, another awesome video man...keep the knowledge flowing :)

yunietpiloto

That vim magic was sweet! Gonna give me wet dreams tonight

yannickpeter

hashcat + multiple nvidia + rockyou is a deadly combo.

patthetech

Whenever I see how professionals like you use their tricks it motivates me, but how does one ever get that good with all this information?
That's the trick. BTW, it was a piece of art how you solved this box.

mustafaismail

Your walkthroughs have really helped me out. I’ve been trying to do more CTFs and I’ve yet to finish one without some form of a hint and I feel so dumb every time I watch you fly through these lol. Only way to learn is to fail though I suppose

AnlStarDestroyer

Really great to see how the pieces come together. Very interesting video to watch. Thank you IppSec

MichaelJohnson-brzz

Always enjoy seeing IppSec videos! One of the most interesting parts for me is the Vim Magic part! It's absolutely cool! Also, this box is on the AD 101 path on HTB, good to prepare for the new format of the OSCP exam (with AD machines included).

satryamahardhika

GetNPUsers does the ASREPRoast thing; GetUserSPNs is Kerberoasting: it requests service tickets for accounts (usually service accounts) that have an SPN set. There's actually no good rule for when to run the GetNPUsers script, because we usually don't have enough privilege before an initial foothold to see which users have the "do not require Kerberos pre-auth" option enabled (this is not practical in the real world, as a sysadmin would never do it), so in CTFs, if you have a list of usernames and password spraying didn't work, always give it a try. GetUserSPNs usually works with service accounts; it's more of a post-exploitation script.

westernvibes

Amazing guide, thank you. Is there a specific reason psexec is used at the end to pass the hash for the administrator user? Can evil-winrm be used to perform the same thing? ie get shell access to the administrator user. Just trying to understand everything and the tools used for different use cases. Cheers !

ethicalhackosa

hahahaha man that VIM magic was so good that I started laughing! Will I ever get this good?

yusufanything

When firefox detects a potential virus in a download you can simply right click on the file and select "Allow Download"

lazarvukasinovic

Hey IppSec, do you only use this kracken machine for CTFs like HTB, or in real-world pentests too? Also, is it a GPU-based machine at some cloud provider like Amazon/GC/Azure?

Deaple

At this point I just added the impacket directory to the terminal's path since it's nice to just type the name of the python script without having to locate that path every time.

dayton

I hope you're gonna reach 100k by the next week

omaroobaniessa

WinPEAS can't find AutoLogon anymore; I was stuck at the privilege escalation part and watched this video.
Maybe I should also manually check everything from now on...

cxdva

Another great video, great job.
In the next video, could you show at the end how you would write the report for that box? Or make a video about reporting for OSCP (what to put in, what not to put in, etc.)?

eebba

Are you doing this box without any prep-work?

alexzander

Frigging Kerbrute dumps the hash in a $18$ format that Hashcat can't handle.

werdna_sir

This should be added to the OSCP-like boxes.

pauliehorgan
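Two of the comments above touch the same practical point: one contrasts GetNPUsers (AS-REP roasting, needs only a username) with GetUserSPNs (Kerberoasting, needs a valid credential), and another notes that Kerbrute emits AS-REP hashes in a $18$ (AES256) format that hashcat would not take. The script below is an added example, not code from the video or from any commenter: it recognises the hash line formats these tools emit, maps each to the matching hashcat mode, and records what the attacker must already have to obtain that kind of hash. The sample lines are constructed with dummy hex; CORP.LOCAL, svc_sql and the SPN are made up, and only fsmith is an account from the box. The etype 17/18 AS-REP modes (32100/32200) are assumed to be available from hashcat 6.2.6 onward; on an older release they are absent, which is exactly the "$18$" problem.

```python
"""Map Kerberos hash lines (impacket / Kerbrute output) to hashcat modes.

Added example; not code from the video or any commenter. Sample lines are
constructed with placeholder hex. Modes 32100/32200 are assumed to need
hashcat 6.2.6 or later.
"""
import re
from typing import Dict, NamedTuple, Optional, Tuple


class KerbHash(NamedTuple):
    family: str            # "asrep" (AS-REP roast), "tgs" (Kerberoast) or "pa" (pre-auth)
    etype: Optional[int]   # Kerberos encryption type carried in the line, if any
    mode: Optional[int]    # hashcat -m value, None if hashcat cannot take the line as-is
    needs: str             # what the attacker must already have to obtain this hash
    note: str


# Cost of each hash family for the attacker. AS-REP roasting needs only a username
# whose account has "Do not require Kerberos preauthentication" set; Kerberoasting
# needs any valid domain credential; pre-auth hashes need captured AS-REQ traffic.
NEEDS: Dict[str, str] = {
    "asrep": "username only (pre-auth disabled on the account)",
    "tgs": "valid domain credential",
    "pa": "captured AS-REQ traffic",
}

MODES: Dict[Tuple[str, int], int] = {
    ("asrep", 23): 18200,  # GetNPUsers.py -format hashcat, RC4-HMAC (what the video cracks)
    ("asrep", 17): 32100,  # AES128 AS-REP (assumed: hashcat >= 6.2.6)
    ("asrep", 18): 32200,  # AES256 AS-REP, the "$18$" lines Kerbrute emits (assumed: >= 6.2.6)
    ("tgs", 23): 13100,    # GetUserSPNs.py, RC4-HMAC
    ("tgs", 17): 19600,
    ("tgs", 18): 19700,
    ("pa", 23): 7500,
    ("pa", 17): 19800,
    ("pa", 18): 19900,
}

_WITH_ETYPE = re.compile(r"^\$krb5(asrep|tgs|pa)\$(\d+)\$")
# GetNPUsers.py -format john omits the etype field: $krb5asrep$user@REALM:...
_JOHN_ASREP = re.compile(r"^\$krb5asrep\$[^$:]+@[^$:]+:")


def classify(line: str) -> Optional[KerbHash]:
    """Return the hashcat mode for one hash line, or None if it is not a Kerberos hash."""
    line = line.strip()
    m = _WITH_ETYPE.match(line)
    if m:
        family, etype = m.group(1), int(m.group(2))
        mode = MODES.get((family, etype))
        note = f"hashcat -m {mode}" if mode else f"no hashcat mode for etype {etype}"
        return KerbHash(family, etype, mode, NEEDS[family], note)
    if _JOHN_ASREP.match(line):
        return KerbHash("asrep", None, None, NEEDS["asrep"],
                        "john format without etype; re-run GetNPUsers.py with -format hashcat")
    return None


def _dummy(nbytes: int) -> str:
    return "ab" * nbytes   # placeholder hex, not real ciphertext


# Constructed sample lines in the shapes the tools actually emit.
SAMPLE_LINES = [
    "$krb5asrep$23$fsmith@CORP.LOCAL:" + _dummy(12) + "$" + _dummy(40),
    "$krb5asrep$fsmith@CORP.LOCAL:" + _dummy(16) + "$" + _dummy(36),
    "$krb5asrep$18$fsmith@CORP.LOCAL:" + _dummy(12) + "$" + _dummy(40),
    "$krb5tgs$23$*svc_sql$CORP.LOCAL$MSSQLSvc/sql.corp.local:1433*$" + _dummy(16) + "$" + _dummy(40),
    "$krb5tgs$18$svc_sql$CORP.LOCAL$*MSSQLSvc/sql.corp.local:1433*$" + _dummy(12) + "$" + _dummy(40),
    "this line is not a Kerberos hash",
]


def main() -> None:
    for line in SAMPLE_LINES:
        h = classify(line)
        if h is None:
            print(f"skip: {line[:40]}")
            continue
        print(f"{h.family:5} etype={str(h.etype):>4} -> {h.note} [needs: {h.needs}]")


if __name__ == "__main__":
    main()
```

The `needs` field is the point the first comment makes: an AS-REP line is obtainable with nothing but a username list, a TGS line only after a credential is already in hand, so the two scripts belong to different phases of an engagement. When a line comes out with `mode` set to None because of its etype, the fix is either a newer hashcat or, for AS-REP roasting, re-requesting with an RC4 etype where the domain still allows it (impacket's GetNPUsers does that by default, which is why the video ends up with a $23$ hash).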