HackTheBox - Alert

Name: HackTheBox - Alert
Uploaded: 2025-03-22T15:01:20Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 03:20 - Enumerating the Link_Share for Directory Traversal, coming up with nothing 05:10 - Discovering XSS in...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap 03:20 - Enumerating the Link_Share for Directory Traversal, coming up with nothing 05:10 - Discovering XSS in the Contact Us Form 07:30 - Playing with the XSS, we keep getting extra URL Encoded data turns out its not XSS but instead the admin is clicking links 10:50 - Sending only a link, discovering they click it. Now we need to find XSS in a page so manipulate their browser. Playing with the Markdown converter 13:45 - Creating an XSS Payload that will navigate to a page and send us the page and discovering a messages page 22:30 - The page shows us t…

Watch on YouTube ↗ (saves to browser)

Chapters (11)

Introduction

1:00 Start of nmap

3:20 Enumerating the Link_Share for Directory Traversal, coming up with nothing

5:10 Discovering XSS in the Contact Us Form

7:30 Playing with the XSS, we keep getting extra URL Encoded data turns out its not

10:50 Sending only a link, discovering they click it. Now we need to find XSS in a p

13:45 Creating an XSS Payload that will navigate to a page and send us the page and

22:30 The page shows us there is a messages.php file, showing other ways to see this

30:00 Downloading the HTPASSWD from our File Disclosure vulnerability, then cracking

34:14 SSH into the box as Albert, looking for any databases we can exfil

37:55 Discovering there is a PHP Webserver running as root in /opt/website-monitor a

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →