HackTheBox - Cache

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

Skills: AI Security90%Defensive AI80%Security Basics80%Tool Use & Function Calling70%

00:00 - Intro 01:10 - Running NMAP and checking out the page 03:30 - Author page contains a hint to do some type Domain Brute Forcing 04:25 - The Login form won't go to burpsuite, lets check out javascript 08:05 - Doing VirtualHost (VHOST) Bruteforcing with GoBuster to discover hms.htb 12:00 - Discovering OpenEMR, running searchsploit, attempting to find the version of it 15:25 - Searchsploit doesn't have any exploits, checking one on google to find a SQL Injection 19:00 - Discovering error based SQL Injection (XPATH) 23:10 - Manually extracting data from error based SQL Injection (XPATH) 27:25 - Using BurpSuite Intruder to aid us in running a bunch of SQL Injections, incrementing a number to get all the fields 33:08 - XPATH Injection only extracts 32 characters, we need to use SUBSTRING to extract fields longer than 32 37:40 - Logging into OpenEMR then using file upload functionality to upload a webshell 46:15 - Enumerating Memcache to discover credentials for luffy 50:40 - Luffy is a member of Docker, using GTFO Bins to use docker to privesc 56:00 - EXTRA: Going back to memcache, lets forward the memcache port to our box via chisel, so we can easily run tools against it. 01:01:25 - Using Metasploit to dump memcache 01:02:40 - Using Memcache utilities to manually enumerate memcache

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

Subresource Integrity: Protecting Your Site from CDN Compromise

Learn how to protect your site from CDN compromise using Subresource Integrity, a security feature that ensures the integrity of external resources

Dev.to · Jonathan Pimperton

Understanding PDF Metadata: What Your Documents Reveal

Learn how to extract and analyze PDF metadata to uncover hidden information and potential security risks

Dev.to · Iurii Rogulia

HDFC AMC Just Confirmed a Cybersecurity Incident.

HDFC AMC confirms cybersecurity incident after anonymous source claims access to IT systems, highlighting need for robust security measures

Medium · Cybersecurity

BEFORE YOU TOUCH THE TARGET: A PASSIVE AND ACTIVE RECON WALK-THROUGH FOR CYBERSECURITY…

Conduct thorough reconnaissance before exploiting a target to gather crucial information for a successful cybersecurity operation

Medium · Cybersecurity

Chapters (17)

Intro

1:10 Running NMAP and checking out the page

3:30 Author page contains a hint to do some type Domain Brute Forcing

4:25 The Login form won't go to burpsuite, lets check out javascript

8:05 Doing VirtualHost (VHOST) Bruteforcing with GoBuster to discover hms.htb

12:00 Discovering OpenEMR, running searchsploit, attempting to find the version of i

15:25 Searchsploit doesn't have any exploits, checking one on google to find a SQL I

19:00 Discovering error based SQL Injection (XPATH)

23:10 Manually extracting data from error based SQL Injection (XPATH)

27:25 Using BurpSuite Intruder to aid us in running a bunch of SQL Injections, incre

33:08 XPATH Injection only extracts 32 characters, we need to use SUBSTRING to extra

37:40 Logging into OpenEMR then using file upload functionality to upload a webshell

46:15 Enumerating Memcache to discover credentials for luffy

50:40 Luffy is a member of Docker, using GTFO Bins to use docker to privesc

56:00 EXTRA: Going back to memcache, lets forward the memcache port to our box via c

1:01:25 Using Metasploit to dump memcache

1:02:40 Using Memcache utilities to manually enumerate memcache

VPC Service Controls: Day Two Operations