HackTheBox - Devzat

Name: HackTheBox - Devzat
Uploaded: 2022-03-12T15:19:26Z
Channel: IppSec
Description: 00:00 - Intro 01:15 - Start of nmap 03:00 - Poking at the SSH Chat Application 05:10 - Running a VHOST Scan and discovering pets.devzat.htb 08:30 - Dis...

IppSec · Beginner ·🧠 Large Language Models ·4y ago

00:00 - Intro 01:15 - Start of nmap 03:00 - Poking at the SSH Chat Application 05:10 - Running a VHOST Scan and discovering pets.devzat.htb 08:30 - Discovering pets.devzat.htb doesn't have a 404 and is a golang webserver 10:55 - Fuzzing the user input on pets 14:10 - Webapp ignores when a semicolon is at the end of user input, indication to command injection [MasterRecon] 16:20 - Using Gobuster to discover the .git directory and working around the issue of the box having no 404 errors. Use git-dumper to extract. 19:00 - Doing some light source code analysis on the Go Binary 23:15 - Showing it…

Watch on YouTube ↗ (saves to browser)

Chapters (21)

Intro

1:15 Start of nmap

3:00 Poking at the SSH Chat Application

5:10 Running a VHOST Scan and discovering pets.devzat.htb

8:30 Discovering pets.devzat.htb doesn't have a 404 and is a golang webserver

10:55 Fuzzing the user input on pets

14:10 Webapp ignores when a semicolon is at the end of user input, indication to com

16:20 Using Gobuster to discover the .git directory and working around the issue of

19:00 Doing some light source code analysis on the Go Binary

23:15 Showing it is also an LFI Vulnerability, just incase command injection was pat

29:00 Reverse shell returned, examining the git log of the files, don't see anything

30:50 Discovering from localhost we can login to chat as anyone, but messages are hi

36:40 Looking for an InfluxDB vulnerability via exploit-db, changelog, and synk

39:40 Going to git, and pulling up the issue created for this issue so we can unders

41:30 Using JWT.IO to create a token with a blank signature

45:20 Testing our authentication bypass with curl, then creating a bash script to ma

47:00 Using the HTTP API of InfluxDB to show databses, tables, and dump data to get

53:20 Using the find command to find files owned by catherine, to find a backup of t

55:40 Finding all the files that differ between two directories via find, md5sum, an

59:00 Discovering the hard coded password required for the FILE command in the new d

1:00:40 Grabbing roots SSH Key via an LFI in the FILE Command

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HackTheBox - Devzat

Chapters (21)

Playlist

Lesson complete!