HackTheBox - Aragog

Name: HackTheBox - Aragog
Uploaded: 2018-07-21T15:00:06Z
Channel: IppSec
Description: 01:26 - Start of Recon 03:25 - Notice SSH configured for Pub Key Only. Hint at what to grab later! 03:50 - Grabbing test.txt off ftp server via anonymo...

IppSec · Beginner ·📊 Data Analytics & Business Intelligence ·7y ago

01:26 - Start of Recon 03:25 - Notice SSH configured for Pub Key Only. Hint at what to grab later! 03:50 - Grabbing test.txt off ftp server via anonymous auth 04:07 - Determining if I want to go down the "Exploit VSFTPD" rabbit hole 05:54 - Viewing test.txt and hosts.php 06:48 - Figuring out how hosts.php works and discovering XXE 08:58 - Start of XXE Discovery 10:16 - Making the XXE Output /etc/passwd 11:33 - Encoding output in Base64 in order to view PHP Files 12:58 - Using Burp Intruder to BruteForce Files 16:20 - Creating a program to bruteforce home directories 26:41 - Program Finished. …

Watch on YouTube ↗ (saves to browser)

Chapters (20)

1:26 Start of Recon

3:25 Notice SSH configured for Pub Key Only. Hint at what to grab later!

3:50 Grabbing test.txt off ftp server via anonymous auth

4:07 Determining if I want to go down the "Exploit VSFTPD" rabbit hole

5:54 Viewing test.txt and hosts.php

6:48 Figuring out how hosts.php works and discovering XXE

8:58 Start of XXE Discovery

10:16 Making the XXE Output /etc/passwd

11:33 Encoding output in Base64 in order to view PHP Files

12:58 Using Burp Intruder to BruteForce Files

16:20 Creating a program to bruteforce home directories

26:41 Program Finished. Finding SSH ID_RSA Key

28:15 Low Priv Access Granted

30:24 LinEnum.sh shows Wordpress CHMOD'd to 777

31:05 Examining Wordpress Site (big hint left by author)

32:10 Enumerating MySQL Database

35:15 Giving up on MySQL, lets edit PHP Files to dump passwords!

36:50 Identifying the file we want to backdoor

37:51 Placing our PHP Code

42:06 Got the password!

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →