HackTheBox - Bucket

Name: HackTheBox - Bucket
Uploaded: 2021-04-24T15:40:13Z
Channel: IppSec
Description: 00:00 - Intro 00:57 - Start of nmap discovering the HTTP Site bucket.htb 03:30 - Poking at the website, using the developer console to discover s3.bucke...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro 00:57 - Start of nmap discovering the HTTP Site bucket.htb 03:30 - Poking at the website, using the developer console to discover s3.bucket.htb 05:00 - Using curl to view HTTP Headers and discovering amazon 05:30 - Oh god... I forgot to edit the URL in this gobuster! Actually created a feature request in GoBuster to fix this mistake from happening. 05:45 - Installing AWS CLI 06:30 - Using the aws to connect to a custom endpoint, then configure credentials 07:30 - Exploring the S3 Bucket 09:25 - Using S3 to add a reverse shell to the website 11:15 - Reverse Shell returned, spendi…

Watch on YouTube ↗ (saves to browser)

Chapters (28)

Intro

0:57 Start of nmap discovering the HTTP Site bucket.htb

3:30 Poking at the website, using the developer console to discover s3.bucket.htb

5:00 Using curl to view HTTP Headers and discovering amazon

5:30 Oh god... I forgot to edit the URL in this gobuster! Actually created a featur

5:45 Installing AWS CLI

6:30 Using the aws to connect to a custom endpoint, then configure credentials

7:30 Exploring the S3 Bucket

9:25 Using S3 to add a reverse shell to the website

11:15 Reverse Shell returned, spending some time to start taking notes.

16:30 End of notes, poking around on the terminal to find

19:00 Discovering some weird ports, checking the apache configuration to see if they

20:55 The Apache mpm_itk_module specifies the site is running as root and not www-da

23:50 Poking at DynamoDB to get user credentials

26:10 Doing some jq fu to get exactly the information we want and building a usernam

30:00 Explaining extended file attributes and using getfacl to see Roy can access bu

33:30 Exploring the bucket-app to see it pull information from DynamoDB to build PDF

35:05 Using Flameshot to explain exactly what is happening in the code

40:00 Looking at pd4ml (library used to make PDF) to see we can attach a file

41:45 Doing a port forward to forward port 8000 back to our box

43:00 Creating the alerts table in DynamoDB

45:50 Creating the JSON Document we want to insert into the alert table

48:10 Using AWS dynamodb --put-item to put the document into the table

49:50 Creating the PDF and pulling /etc/passwd from the server

52:00 Because this is java if we fopen a directory, we get a listing, discovering .s

53:00 Pulling the SSH Key

54:22 Exploring our notes to see what else we wanted to do

56:20 Showing off the timeline plugin in obsidian

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →