HackTheBox - Buff

Name: HackTheBox - Buff
Uploaded: 2020-11-21T19:45:57Z
Channel: IppSec
Description: 00:00 - Introduction 00:45 - Begin of nmap and poking at the website 03:00 - Checking when an image was uploaded to the server with wget and exiftool 04...

IppSec · Beginner ·📊 Data Analytics & Business Intelligence ·5y ago

00:00 - Introduction 00:45 - Begin of nmap and poking at the website 03:00 - Checking when an image was uploaded to the server with wget and exiftool 04:10 - Contact.php discloses the software Gym Management Software is being used. Examining the exploit 06:10 - Editing the Python Exploit to force everything through a proxy, so we can examine what the exploit does. 08:30 - Running the exploit and examining in Burp 14:20 - Having trouble getting a reverse shell via PS, Uploading NC.EXE to do it 17:10 - Running WinPEAS.exe 21:00 - Discovering CloudMe in the Downloads directory then looking at t…

Watch on YouTube ↗ (saves to browser)

Chapters (15)

Introduction

0:45 Begin of nmap and poking at the website

3:00 Checking when an image was uploaded to the server with wget and exiftool

4:10 Contact.php discloses the software Gym Management Software is being used. Exa

6:10 Editing the Python Exploit to force everything through a proxy, so we can exam

8:30 Running the exploit and examining in Burp

14:20 Having trouble getting a reverse shell via PS, Uploading NC.EXE to do it

17:10 Running WinPEAS.exe

21:00 Discovering CloudMe in the Downloads directory then looking at the exploit

23:20 CloudMe isn't listening on a port... Reverting and getting a shell again

25:30 Reverse shell returned... Still waiting for CloudMe to listen on a port

27:27 Uploading Chisel to the box, then doing a port forward for MySQL to enumerate

31:00 Finding MySQL Credentials in db.php, then checking the database from our box t

34:30 Replacing the payload in the CloudMe exploit with a reverse shell

37:20 Running the exploit and getting root

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →