HackTheBox - Doctor

Name: HackTheBox - Doctor
Uploaded: 2021-02-06T15:00:15Z
Channel: IppSec
Description: 00:00 - Intro 00:57 - Start of Nmap 01:40 - Poking at the website and doing Gobuster/SQLMap In the BG 07:50 - Registering an account and enumerating the...

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

00:00 - Intro 00:57 - Start of Nmap 01:40 - Poking at the website and doing Gobuster/SQLMap In the BG 07:50 - Registering an account and enumerating the new features, looking for XSS 08:30 - Testing if the box will click links, discovering Curl reaches back to us 11:20 - Finding command injection in the URL, finding a way to execute commands with spaces 13:37 - Brace expansion isn't working, but IFS allows us bypass space being a bad character 15:30 - Trying to get a reverse shell but failing due to bad characters 18:47 - Using Curl to download a rev shell script and then execute it in order t…

Watch on YouTube ↗ (saves to browser)

Chapters (18)

Intro

0:57 Start of Nmap

1:40 Poking at the website and doing Gobuster/SQLMap In the BG

7:50 Registering an account and enumerating the new features, looking for XSS

8:30 Testing if the box will click links, discovering Curl reaches back to us

11:20 Finding command injection in the URL, finding a way to execute commands with s

13:37 Brace expansion isn't working, but IFS allows us bypass space being a bad char

15:30 Trying to get a reverse shell but failing due to bad characters

18:47 Using Curl to download a rev shell script and then execute it in order to avoi

22:00 Transfering site.db to our box, so we can view the contents and attemp to crac

29:40 Finding out we are part of the ADM Group and can read logs! Log contains a pas

33:50 Checking the Splunk Version and looking for exploits

34:55 Didn't see anything in SearchSploit googling for an exploit then getting root

38:22 Unintended: Exploring the SSTI Vulnerability

39:45 Using Basic SSTI to identify what framework the website is using

42:20 Creating an SSTI Jinja2 Reverse Shell payload and getting a shell

45:00 Exploring the CURL Vulnerability

47:00 Deep dive into the SSTI Vulnerability and patching it

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →