HackTheBox - Chainsaw

IppSec · Intermediate ·🛡️ AI Safety & Ethics ·6y ago

Skills: AI Security90%Defensive AI80%Agentic Coding70%AI Systems Design70%

01:05 - Begin of recon 02:45 - Downloading and analyzing the files off the anonymous FTP Directory 05:00 - Looking into solidity to see what these files are about 06:30 - The full portscan finished, trying to find out what port 9810 07:05 - Recommended reading to understand blockchain fundamentals 08:30 - Begin writing the script to interact with the smart contract 12:50 - Calling the getDomain function, then setting the domain to our IP and seeing the ping 15:30 - Command injection found, getting a reverse shell via bash 17:10 - Checking the source code to see why this worked 19:50 - Looking into what IPFS is (found in administrators home directory) 21:33 - Running ipfs refs local to list all files 21:50 - Dropping a SSH Key so we can get off this reverse shell 23:15 - Writing a loop around ipfs refs local to list all the files, then cat the emails. 26:45 - Cracking the SSH Key with sshng2john and john 29:27 - Exploiting the ChainsawClub via path injection and the program executing sudo via a non-absolute path 32:40 - Explaining the package managers place things in */local/* directories. 33:30 - Writing a loop around dpkg --search to find binaries in the path that the systems package manager doesn't know about 36:11 - Explaining file blocks and slack space 37:25 - Using bmap to extract data out of slack space 39:50 - Exploiting ChainsawClub the intended way by playing with the smart contract 47:00 - Calling setUsername to create ippsec, then setPassword to create a password 51:20 - Running setApprove and transfer to satisfy the other things, then logging into the ChainsawClub

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

The Dark Side of Artificial Intelligence in Cyber Security

Explore the dark side of AI in cyber security and its impact on modern digital threats

The Dark Side of Artificial Intelligence in Cyber Security

Explore the dark side of AI in cybersecurity and its impact on modern digital threats

Medium · Cybersecurity

Evidence Loops, Not Bigger Prompts: The Next Edge in AI Vulnerability Research

Use evidence loops to improve AI vulnerability research, increasing efficiency by compressing the iteration cycle from suspicion to evidence

Evidence Loops, Not Bigger Prompts: The Next Edge in AI Vulnerability Research

Learn how AI enhances security research by compressing the iteration cycle from suspicion to evidence, rather than replacing human researchers

Medium · Cybersecurity

Chapters (22)

1:05 Begin of recon

2:45 Downloading and analyzing the files off the anonymous FTP Directory

5:00 Looking into solidity to see what these files are about

6:30 The full portscan finished, trying to find out what port 9810

7:05 Recommended reading to understand blockchain fundamentals

8:30 Begin writing the script to interact with the smart contract

12:50 Calling the getDomain function, then setting the domain to our IP and seeing t

15:30 Command injection found, getting a reverse shell via bash

17:10 Checking the source code to see why this worked

19:50 Looking into what IPFS is (found in administrators home directory)

21:33 Running ipfs refs local to list all files

21:50 Dropping a SSH Key so we can get off this reverse shell

23:15 Writing a loop around ipfs refs local to list all the files, then cat the emai

26:45 Cracking the SSH Key with sshng2john and john

29:27 Exploiting the ChainsawClub via path injection and the program executing sudo

32:40 Explaining the package managers place things in */local/* directories.

33:30 Writing a loop around dpkg --search to find binaries in the path that the syst

36:11 Explaining file blocks and slack space

37:25 Using bmap to extract data out of slack space

39:50 Exploiting ChainsawClub the intended way by playing with the smart contract

47:00 Calling setUsername to create ippsec, then setPassword to create a password

51:20 Running setApprove and transfer to satisfy the other things, then logging into

Lead AI Governance, Policy, and Continuous Compliance