HackTheBox - Compiled

Name: HackTheBox - Compiled
Uploaded: 2024-12-14T15:01:20Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 03:20 - Entering our IP Address into the website and viewing the request within NC to see the useragent (git/...

IppSec · Beginner ·🤖 AI Agents & Automation ·1y ago

00:00 - Introduction 01:00 - Start of nmap 03:20 - Entering our IP Address into the website and viewing the request within NC to see the useragent (git/2.45.0.windows.1) 06:50 - Going over CVE-2024-32002 which is a RCE within Git on case insensitive file systems 12:00 - Creating the malicious git project 21:15 - Our exploit didn't work, editing the post hook to be a base64 encoded powershell reverse shell 27:15 - Reverse shell returned downloading the Gitea database 31:00 - Looking at how gitea formats the PBKDF2 hash, converting it to a hashcat format 37:00 - Creating a python script to dump …

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

1:00 Start of nmap

3:20 Entering our IP Address into the website and viewing the request within NC to

6:50 Going over CVE-2024-32002 which is a RCE within Git on case insensitive file s

12:00 Creating the malicious git project

21:15 Our exploit didn't work, editing the post hook to be a base64 encoded powershe

27:15 Reverse shell returned downloading the Gitea database

31:00 Looking at how gitea formats the PBKDF2 hash, converting it to a hashcat forma

37:00 Creating a python script to dump hashes from a gitea database in hashcat forma

47:25 Shell as Emily, discovering Visual Studio version

51:00 Going over CVE-2024-20656 which is a privesc within Visual Studio

58:00 Going over the code, editing it to send us a reverse shell

1:06:25 Exploit didn't work, going back over the code and discovering it has the wrong

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →