HackTheBox - Dab

Name: HackTheBox - Dab
Uploaded: 2019-02-02T15:03:20Z
Channel: IppSec
Description: 00:40 - Begin of the box 03:20 - Checking the HTTP Ports out 04:38 - Using wfuzz to bruteforce a login on port 80 08:15 - Begin examining port 8080, use...

IppSec · Intermediate ·🛡️ AI Safety & Ethics ·7y ago

00:40 - Begin of the box 03:20 - Checking the HTTP Ports out 04:38 - Using wfuzz to bruteforce a login on port 80 08:15 - Begin examining port 8080, use wfuzz to bruteforce a cookie 11:30 - Using wfuzz to enumerate the WAF and determine bad characters 14:40 - Doing a SSRF Like attack with wfuzz and enumerating open ports on localhost. 16:50 - Begin examining port 11211 (MemCache) 18:00 - Dumping data from Memcache 23:50 - Using CVE-2018-15473 to enumerate valid users over SSH 27:35 - Cracking the users hash and logging into the box 29:00 - Using R2 to analyzing rabbit hole application "try_har…

Watch on YouTube ↗ (saves to browser)

Chapters (17)

0:40 Begin of the box

3:20 Checking the HTTP Ports out

4:38 Using wfuzz to bruteforce a login on port 80

8:15 Begin examining port 8080, use wfuzz to bruteforce a cookie

11:30 Using wfuzz to enumerate the WAF and determine bad characters

14:40 Doing a SSRF Like attack with wfuzz and enumerating open ports on localhost.

16:50 Begin examining port 11211 (MemCache)

18:00 Dumping data from Memcache

23:50 Using CVE-2018-15473 to enumerate valid users over SSH

27:35 Cracking the users hash and logging into the box

29:00 Using R2 to analyzing rabbit hole application "try_harder"

33:30 Going through LinEnum

38:30 Using r2 to examine myexec to find password

40:13 Using r2 to examine libseclogin.so

41:30 Examining ld.so.conf.d to identify if we can use ldconfig to hijack a library

42:10 Creating a malicious library to hijack seclogin()

45:10 Lets bypass the login by hijacking printf()

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →