HackTheBox - Compromised

Name: HackTheBox - Compromised
Uploaded: 2021-01-23T15:01:05Z
Channel: IppSec
Description: 00:00 - Intro 01:30 - Start of nmap, discover web and ssh. Discover litecart, fail to find a way to identify version 03:10 - Running GoBuster to find t...

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

00:00 - Intro 01:30 - Start of nmap, discover web and ssh. Discover litecart, fail to find a way to identify version 03:10 - Running GoBuster to find the backup directory 05:20 - Examining the tar archive 06:30 - Talking about the unix time being 32-bit timestamps but tar did not keep entire timestamp 09:10 - Using find with printf to sort files by modified time 10:30 - Discovering the admin/login.php file was modified to drop the credentials to disk 11:50 - Logging into LiteCart as admin 13:20 - Finding exploits on searchsploit, then manually running through the exploit because its Python2 w…

Watch on YouTube ↗ (saves to browser)

Chapters (23)

Intro

1:30 Start of nmap, discover web and ssh. Discover litecart, fail to find a way to

3:10 Running GoBuster to find the backup directory

5:20 Examining the tar archive

6:30 Talking about the unix time being 32-bit timestamps but tar did not keep entir

9:10 Using find with printf to sort files by modified time

10:30 Discovering the admin/login.php file was modified to drop the credentials to d

11:50 Logging into LiteCart as admin

13:20 Finding exploits on searchsploit, then manually running through the exploit be

17:20 Uploading our PHP Shell but it doesn't work, checking for PHP Disabled functio

20:50 Running through Chankro even thoe it wouldn't work.

23:50 Uploading large binary files in BURPSUITE by pasting base64 and decoding it wi

25:33 Chankro wont work due to putenv being disabled. Looks like there's a PHP 7.0 -

28:15 Attempting a reverse shell but it doesn't work. Viewing iptables configuratio

29:45 Using my Forward Shell script to get a TTY on the box

34:00 Again, talking about 32-bit timestamps to find files that were put into /lib/

36:30 Discovering the PAM Backdoor (pam_unix.so), then reversing it to get a skeleto

43:30 BOX COMPLETED. Doing USER/ROOT a different way

45:00 Generating a Weevely Reverse shell which will let us do more things in PHP

47:00 Discovering MySQL has a bash shell

49:30 Discovering the MySQL has a UDF (User Defined Function) that allows for code e

53:30 Dropping an SSH Key, then seeing a strace-log.dat file which acts as a keylogg

1:00:15 Discovering a LD_PRELOAD Rootkit (libdate.so),reversing it to see a hidden pri

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →