HackTheBox - Corporate (FIXED)

Name: HackTheBox - Corporate (FIXED)
Uploaded: 2024-07-14T11:26:31Z
Channel: IppSec
Description: Sorry for the double upload. The last 45 seconds were missing from the first video. 00:00 - Introduction 01:00 - Start of nmap 02:45 - Playing with the ...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

Sorry for the double upload. The last 45 seconds were missing from the first video. 00:00 - Introduction 01:00 - Start of nmap 02:45 - Playing with the Agent Chat, discovering we can send HTML then testing for XSS then seeing CSP (Content Security Policy) Stops us 06:20 - Testing for the ability to perform redirection via HTML via meta refresh 09:20 - Discovering the 404 error page has reflective XSS, but CSP Blocks us from running XSS on the page itself 10:15 - Finding one of the Analytics JavaScript Files allows for reflective injection, allowing us to insert javascript 13:00 - Having a Met…

Watch on YouTube ↗ (saves to browser)

Chapters (20)

Introduction

1:00 Start of nmap

2:45 Playing with the Agent Chat, discovering we can send HTML then testing for XSS

6:20 Testing for the ability to perform redirection via HTML via meta refresh

9:20 Discovering the 404 error page has reflective XSS, but CSP Blocks us from runn

10:15 Finding one of the Analytics JavaScript Files allows for reflective injection,

13:00 Having a Meta Redirect to the double reflective xss injection and stealing a c

22:10 Logged into the SSO by replaying the cookie and testing password reset

29:00 Getting a second session so we can test the file-sharing capability

37:10 Creating a script that will enumerate users based upon the people directory, t

56:30 Going over the internal nmap scan from the VPN

1:03:54 Looking at the Mozilla directory, discovering there is a BitWarden plugin inst

1:11:00 Extracting the Bitwarden PinProtected Hash so we can crack it

1:31:30 Downloading all the Git Repo's and finding a secret in the commit history and

1:37:00 Using GetEnt on the Linux workstation to enumerate groups in ldap

1:42:50 Creating a JWT of the Engineering group, changing the password then logging in

1:45:30 Downloading a Docker Image from our box, and copying it to the remote host so

1:49:10 As root we can SU to other users, then find an SSH Key for Sysadmin to the mai

1:55:55 Proxmox backups on the mainhost have the authkey.key file which is the RSA Sig

1:58:30 Creating a proxmox cookie with the RSA Signing Key and then using the API to c

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →