HackTheBox - Backdoor

Name: HackTheBox - Backdoor
Uploaded: 2022-04-23T15:05:08Z
Channel: IppSec
Description: 00:00 - Intro 00:50 - Start of nmap 02:10 - Starting WPSCAN 02:50 - There's no index.php in wp-content/plugins/, which lets us find a vulnerable plugin ...

IppSec · Beginner ·🔐 Cybersecurity ·3y ago

00:00 - Intro 00:50 - Start of nmap 02:10 - Starting WPSCAN 02:50 - There's no index.php in wp-content/plugins/, which lets us find a vulnerable plugin (eBook Download 1.1) 05:50 - Playing with the eBook Download LFI 07:45 - Doing a full nmap portscan 08:20 - Using the LFI to extract the process names with curling /proc and doing some cut/sed magic 10:15 - Downloading the cmdline for the first 1000 PID's 13:00 - Using find to show us files greater than a couple bytes to show us every valid PID 14:40 - Examining the final output, discovering screen running and gdb 16:00 - Using metasploit to ex…

Watch on YouTube ↗ (saves to browser)

Chapters (14)

Intro

0:50 Start of nmap

2:10 Starting WPSCAN

2:50 There's no index.php in wp-content/plugins/, which lets us find a vulnerable p

5:50 Playing with the eBook Download LFI

7:45 Doing a full nmap portscan

8:20 Using the LFI to extract the process names with curling /proc and doing some c

10:15 Downloading the cmdline for the first 1000 PID's

13:00 Using find to show us files greater than a couple bytes to show us every valid

14:40 Examining the final output, discovering screen running and gdb

16:00 Using metasploit to exploit GDB

21:50 Reverse shell returned, playing with screen to connect to the session

24:30 Attaching to the root session, then digging into why this worked

31:40 Digging into wpscan to see how to make it find this

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →