HackTheBox - Scrambled - Attacking a Windows box with NTLM Disabled, MSSQL, and JuicyPotatoNG

00:00 - Intro
01:00 - Start of nmap
04:00 - Viewing the website and discovering kerberos is disabled
07:45 - Using Kerbrute to enumerate valid users and then password spray with username
10:15 - Bad analogy comparing Kerberos works with TGT/TGS and Movie Theater Tickets
11:00 - Using Impacket's GetTGT Script to get Ticket Granting Ticket as Ksimpson and exporting KRB5CCNAME so Impacket uses it
12:30 - Using GetUserSPN to Kerberoast the DC with Kerberos Authentication and cracking to get …

box hackthebox mssql ntlm windows