HackTheBox - Broker

Name: HackTheBox - Broker
Uploaded: 2023-11-09T15:07:21Z
Channel: IppSec
Description: 00:00 - Intro 01:00 - Start of nmap 01:45 - Logging into ActiveMQ with admin:admin and then failing to use the exploit from 2016 04:00 - Doing a full nm...

IppSec · Beginner ·🔐 Cybersecurity ·2y ago

00:00 - Intro 01:00 - Start of nmap 01:45 - Logging into ActiveMQ with admin:admin and then failing to use the exploit from 2016 04:00 - Doing a full nmap scan, then running script scans on the open ports 07:50 - Finding a page that talks about CVE-2023-46604, the latest activemq exploit 11:00 - Pulling down an exploit payload for this exploit, it is golang 12:30 - Modifying the payload to execute a reverse shell, instead of downloading and executing an elf file. Need to HTML Entity Encode the payload 16:30 - Reverse shell returned, seeing we can run nginx as root 17:20 - Building an nginx con…

Watch on YouTube ↗ (saves to browser)

Chapters (11)

Intro

1:00 Start of nmap

1:45 Logging into ActiveMQ with admin:admin and then failing to use the exploit fro

4:00 Doing a full nmap scan, then running script scans on the open ports

7:50 Finding a page that talks about CVE-2023-46604, the latest activemq exploit

11:00 Pulling down an exploit payload for this exploit, it is golang

12:30 Modifying the payload to execute a reverse shell, instead of downloading and e

16:30 Reverse shell returned, seeing we can run nginx as root

17:20 Building an nginx config that runs as root and shares the entire filesystem

23:08 Enabling the WebDav PUT so we can upload files to the server and uploading an

27:05 Showing we could upload a cron entry aswell to get code execution

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →