HackTheBox - Bizness

Name: HackTheBox - Bizness
Uploaded: 2024-05-25T15:00:33Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 03:00 - Seeing JSESSIONID and NGINX trying the off by slash exploit to get access to /manager, doesn't work h...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap 03:00 - Seeing JSESSIONID and NGINX trying the off by slash exploit to get access to /manager, doesn't work here 04:30 - Dirbusting with FFUF because the lack of 404's messed with gobuster 07:40 - Discovering the OfBiz Version, looking for exploits 09:00 - Going over the Authentication Bypass in OfBiz 12:40 - Downloading YSOSERIAL and building a Docker so we don't have to worry about Java Versions 14:30 - Building a ReverseShell Payload that works with YSOSERIAL 18:40 - Reverse shell returned! Looking at OfBiz and finding out it uses the Derby Databas…

Watch on YouTube ↗ (saves to browser)

Chapters (11)

Introduction

1:00 Start of nmap

3:00 Seeing JSESSIONID and NGINX trying the off by slash exploit to get access to /

4:30 Dirbusting with FFUF because the lack of 404's messed with gobuster

7:40 Discovering the OfBiz Version, looking for exploits

9:00 Going over the Authentication Bypass in OfBiz

12:40 Downloading YSOSERIAL and building a Docker so we don't have to worry about Ja

14:30 Building a ReverseShell Payload that works with YSOSERIAL

18:40 Reverse shell returned! Looking at OfBiz and finding out it uses the Derby Dat

22:30 Copy the Derby Database then using IJ from Derby-Tools to dump the data

26:40 The hash in the database is a URL Base64 Encoded, decoding it reveals it has a

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →