HackTheBox - Era

Name: HackTheBox - Era
Uploaded: 2025-11-29T17:14:26+00:00
Channel: IppSec
Description: 00:00 - Introduction 00:55 - Start of nmap 04:45 - Discovering the file subdomain 08:10 - Bruteforcing files to find login.php 11:25 - Bruteforcing ID's...

IppSec · Beginner ·🔐 Cybersecurity ·4mo ago

00:00 - Introduction 00:55 - Start of nmap 04:45 - Discovering the file subdomain 08:10 - Bruteforcing files to find login.php 11:25 - Bruteforcing ID's on the download functionality, discovering two other files 18:10 - Got creds from the database dump, logging into ftp and downloading Apache backup 23:10 - Looking at the source code, discovering some weird behavior around PHP Streams and the download functionality 26:27 - Logging in as admin with security questions 32:08 - Looking at PHP Wrappers, then using the SSH One to login and run a command to get a shell 37:55 - Looking at files owned …

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

0:55 Start of nmap

4:45 Discovering the file subdomain

8:10 Bruteforcing files to find login.php

11:25 Bruteforcing ID's on the download functionality, discovering two other files

18:10 Got creds from the database dump, logging into ftp and downloading Apache back

23:10 Looking at the source code, discovering some weird behavior around PHP Streams

26:27 Logging in as admin with security questions

32:08 Looking at PHP Wrappers, then using the SSH One to login and run a command to

37:55 Looking at files owned by the group devs, discovering a monitor binary

41:20 Making an ELF File and uploading it, to discover it needs to be signed

45:20 Using docker to build the linux-elf-binary-signer program on github, then sign

54:10 Showing we could of done this with just pspy and copying the text_sig because

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →