HackTheBox - Chainsaw

Name: HackTheBox - Chainsaw
Uploaded: 2019-11-23T15:12:14Z
Channel: IppSec
Description: 01:05 - Begin of recon 02:45 - Downloading and analyzing the files off the anonymous FTP Directory 05:00 - Looking into solidity to see what these files...

IppSec · Intermediate ·🛡️ AI Safety & Ethics ·6y ago

01:05 - Begin of recon 02:45 - Downloading and analyzing the files off the anonymous FTP Directory 05:00 - Looking into solidity to see what these files are about 06:30 - The full portscan finished, trying to find out what port 9810 07:05 - Recommended reading to understand blockchain fundamentals 08:30 - Begin writing the script to interact with the smart contract 12:50 - Calling the getDomain function, then setting the domain to our IP and seeing the ping 15:30 - Command injection found, getting a reverse shell via bash 17:10 - Checking the source code to see why this worked 19:50 - Looking …

Watch on YouTube ↗ (saves to browser)

Chapters (22)

1:05 Begin of recon

2:45 Downloading and analyzing the files off the anonymous FTP Directory

5:00 Looking into solidity to see what these files are about

6:30 The full portscan finished, trying to find out what port 9810

7:05 Recommended reading to understand blockchain fundamentals

8:30 Begin writing the script to interact with the smart contract

12:50 Calling the getDomain function, then setting the domain to our IP and seeing t

15:30 Command injection found, getting a reverse shell via bash

17:10 Checking the source code to see why this worked

19:50 Looking into what IPFS is (found in administrators home directory)

21:33 Running ipfs refs local to list all files

21:50 Dropping a SSH Key so we can get off this reverse shell

23:15 Writing a loop around ipfs refs local to list all the files, then cat the emai

26:45 Cracking the SSH Key with sshng2john and john

29:27 Exploiting the ChainsawClub via path injection and the program executing sudo

32:40 Explaining the package managers place things in */local/* directories.

33:30 Writing a loop around dpkg --search to find binaries in the path that the syst

36:11 Explaining file blocks and slack space

37:25 Using bmap to extract data out of slack space

39:50 Exploiting ChainsawClub the intended way by playing with the smart contract

47:00 Calling setUsername to create ippsec, then setPassword to create a password

51:20 Running setApprove and transfer to satisfy the other things, then logging into

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →