HackTheBox - Blunder

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

Skills: Security Basics90%AI Security80%Defensive AI70%

00:00 - Intro 01:03 - Start of NMAP 04:30 - Discovering install.php, which says bludit is being installed. 06:30 - Looking for exploits searchsploit, everything requires Auth 07:35 - Attempting a login and noticing the CSRF Tokens 09:20 - Looking for exploits online that haven't made it to SearchSploit yet 12:00 - Placing the X-FORWARDED-FOR header to bypass brute force protection 15:40 - Creating a Python Brute Forcer 16:45 - Scripting: Grabbing the CSRF Value with python requests 18:20 - Scripting: Grabbing the PHP Session Cookie with python requests 18:20 - Scripting: Sending a login request with python requests 18:20 - Scripting: Telling request to not follow and detect a valid login 31:10 - Using Cewl to build a wordlist, then changing our python script to pull passwords from our wordlist 34:30 - Scripting: Setting a random IP in X-Forwarded-For header 37:50 - Scripting: Scripting fixing a bug then getting a password via brute force! 41:00 - Start of playing around with the Bludit Image Upload Vulnerability. 45:10 - Having trouble, running the exploit with metasploit through a proxy to understand what is going on 47:50 - Uploading a PHP Reverse shell then HTAccess file to get code execution 01:02:30 - Reverse shell returned, finding passwords in the bludit database, then cracking them. 01:08:20 - Cracked a password for hugo, switching to his user 01:09:30 - Doing the SUDO underflow exploit

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Security Basics

View skill →

HackTheBox - Analytics

HackTheBox - Analytics

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

Amazon Web Services

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Configure and Deploy AWS Client VPN

Configure and Deploy AWS Client VPN

Related AI Lessons

Subresource Integrity: Protecting Your Site from CDN Compromise

Learn how to protect your site from CDN compromise using Subresource Integrity, a security feature that ensures the integrity of external resources

Dev.to · Jonathan Pimperton

Understanding PDF Metadata: What Your Documents Reveal

Learn how to extract and analyze PDF metadata to uncover hidden information and potential security risks

Dev.to · Iurii Rogulia

HDFC AMC Just Confirmed a Cybersecurity Incident.

HDFC AMC confirms cybersecurity incident after anonymous source claims access to IT systems, highlighting need for robust security measures

Medium · Cybersecurity

BEFORE YOU TOUCH THE TARGET: A PASSIVE AND ACTIVE RECON WALK-THROUGH FOR CYBERSECURITY…

Conduct thorough reconnaissance before exploiting a target to gather crucial information for a successful cybersecurity operation

Medium · Cybersecurity

Chapters (21)

Intro

1:03 Start of NMAP

4:30 Discovering install.php, which says bludit is being installed.

6:30 Looking for exploits searchsploit, everything requires Auth

7:35 Attempting a login and noticing the CSRF Tokens

9:20 Looking for exploits online that haven't made it to SearchSploit yet

12:00 Placing the X-FORWARDED-FOR header to bypass brute force protection

15:40 Creating a Python Brute Forcer

16:45 Scripting: Grabbing the CSRF Value with python requests

18:20 Scripting: Grabbing the PHP Session Cookie with python requests

18:20 Scripting: Sending a login request with python requests

18:20 Scripting: Telling request to not follow and detect a valid login

31:10 Using Cewl to build a wordlist, then changing our python script to pull passwo

34:30 Scripting: Setting a random IP in X-Forwarded-For header

37:50 Scripting: Scripting fixing a bug then getting a password via brute force!

41:00 Start of playing around with the Bludit Image Upload Vulnerability.

45:10 Having trouble, running the exploit with metasploit through a proxy to underst

47:50 Uploading a PHP Reverse shell then HTAccess file to get code execution

1:02:30 Reverse shell returned, finding passwords in the bludit database, then crackin

1:08:20 Cracked a password for hugo, switching to his user

1:09:30 Doing the SUDO underflow exploit

VPC Service Controls: Day Two Operations