HackTheBox - Dyplesher

00:00 - Intro 01:10 - Start of the box, running nmap with all ports. 03:00 - Using a Google Image Search to map icons with applications 04:20 - Manually fuzzing test.dyplesher.htb to check if there's any easy vulns 07:30 - Running NMAP Scripts against the results of our full port scan with awk and ORS 10:15 - Discovering a .git repo exposed on the website, using git-dumper to download it 13:00 - Memcache credentials discovered, download and test auth 16:00 - Creating a simple web application that will let us fuzz the remote memcat service 22:30 - Logging into GOGS as Felamos to download another repo, using git to restore a git bundle file 29:30 - Logging into dyplesher.htb with creds in the Git Repo 33:40 - MINECRAFT PLUGIN: Setting up our environment (IntelliJ) 37:20 - MINECRAFT PLUGIN: Skeleton Code 42:10 - MINECRAFT PLUGIN: Uploading the plugin and checking console 43:30 - MINECRAFT PLUGIN: Adding the ability to READ FILES and print Current Username 50:00 - MINECRAFT PLUGIN: Had trouble getting it to run, had to revert 51:30 - MINECRAFT PLUGIN: Add the ability to write files and drop SSH Key + Web Shell 01:03:00 - MINECRAFT PLUGIN: SSH Key and WebShell dropped! Logging into the server 01:06:15 - Discovering DumpCap can be ran by our user, dumping localhost then running wireshark 01:13:25 - Discovering credentials in AMQP Traffic, these work on SSH 01:15:40 - Downloading AMQP-PUBLISH to send a URL to the queue as the note says 01:20:15 - Running PSPY while we dig through the wireshark some more, find the password in WireShark 01:22:20 - Using AMQP-PUBLISH with the correct credential and get the server to download a file 01:24:40 - Searching Cuberite plugins, to see its just lua. Writing a quick plugin and getting code execution 01:27:00 - Getting a root shell 01:29:40 - Failing to do some ERLANG stuff. May be useful if you want to try it yourself but i didn't get it working 01:35:00 - Exploring iptable/ufw rules and common mistakes