HackTheBox - Alert

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap 03:20 - Enumerating the Link_Share for Directory Traversal, coming up with nothing 05:10 - Discovering XSS in the Contact Us Form 07:30 - Playing with the XSS, we keep getting extra URL Encoded data turns out its not XSS but instead the admin is clicking links 10:50 - Sending only a link, discovering they click it. Now we need to find XSS in a page so manipulate their browser. Playing with the Markdown converter 13:45 - Creating an XSS Payload that will navigate to a page and send us the page and discovering a messages page 22:30 - The page shows us there is a messages.php file, showing other ways to see this. Then finding a file disclosure vulnerability 30:00 - Downloading the HTPASSWD from our File Disclosure vulnerability, then cracking it 34:14 - SSH into the box as Albert, looking for any databases we can exfil 37:55 - Discovering there is a PHP Webserver running as root in /opt/website-monitor and we can write files to the config. Dropping a php script to get root

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

Stop Blindly Disabling CSRF — Dynamic CSRF Configuration in Spring Security 6

Learn to dynamically configure CSRF protection in Spring Security 6 for hybrid enterprise APIs, replacing global disable strategies

Medium · Cybersecurity

Microsoft Reveals Kazuar Malware’s Advanced Modular Design and Peer-to-Peer Botnet Capabilities

Microsoft reveals Kazuar malware's advanced modular design and peer-to-peer botnet capabilities, posing a significant threat to cybersecurity

Medium · Cybersecurity

The OpenAI Breach Wasn't About OpenAI – It Was About the 84 Packages Above Them

The OpenAI breach highlights the importance of securing dependencies in the software supply chain, affecting 84 packages above them

Dev.to · Dimitris Kyrkos

Years of Apple's Best Security Work, Cracked in Five Days — Here's What Developers Should Know

Apple's best security measures were cracked in five days, highlighting the importance of ongoing security efforts for developers

Dev.to · ArshTechPro

Chapters (11)

Introduction

1:00 Start of nmap

3:20 Enumerating the Link_Share for Directory Traversal, coming up with nothing

5:10 Discovering XSS in the Contact Us Form

7:30 Playing with the XSS, we keep getting extra URL Encoded data turns out its not

10:50 Sending only a link, discovering they click it. Now we need to find XSS in a p

13:45 Creating an XSS Payload that will navigate to a page and send us the page and

22:30 The page shows us there is a messages.php file, showing other ways to see this

30:00 Downloading the HTPASSWD from our File Disclosure vulnerability, then cracking

34:14 SSH into the box as Albert, looking for any databases we can exfil

37:55 Discovering there is a PHP Webserver running as root in /opt/website-monitor a

How do I restrict access of IAM Identities to specific Amazon EC2 resources?

Amazon Web Services