HackTheBox - FormulaX

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap 04:30 - Examining the Change Password functionality 06:20 - Discovering XSS In the Contact Form 11:15 - Building an XSS Cradle that manipulates the DOM to load an external JS file 18:35 - Creating an XSS that will send interact with the webchat and exfil messages back to us 26:30 - Discovering a new subdomain from the Online Chat 30:15 - Showing why we could not use Script SRC with our XSS Attack and why we used the DOM Technique 37:34 - Looking at the Git Auto Report Generating and discovering it uses simple-git v3.14 which has an RCE Vulnerability 44:40 - Shell on the box, dumping the mongo database 52:00 - Shell as Frank_Dorky 52:30 - Looking at the services running on the box to enumerate what each port is 55:30 - Showing bad permissions on the LibreNMS Directory which allows us to read and execute files in /opt/librenms 59:30 - Using the Templates in LibreNMS to get code execution 01:04:00 - Showing the intended way to exploit LibreNMS which is using a malicious SNMP Trap to attack an admin via XSS 1:17:30 - Exploiting the OpenOffice network port

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

The Hidden Security Problem in IoT Asset Tracking Systems

Discover the hidden security risks in IoT asset tracking systems and how to mitigate them

Medium · Cybersecurity

I Managed WordPress Security Across 1500+ Clients. The Main Reason WP Sites Get Hacked.

WordPress sites are commonly hacked due to vulnerable plugins, not sophisticated attacks, and learning to manage plugin security is crucial

What Is YubiKey Authentication & How It Works

Learn about YubiKey authentication and how it works to enhance security

Dev.to · Mrunank Pawar

I Used to Ignore “Boring” Vulnerabilities… Until One Paid More Than a Critical

Don't underestimate small vulnerabilities, as they can lead to bigger problems and significant payouts

Medium · Data Science

Chapters (16)

Introduction

1:00 Start of nmap

4:30 Examining the Change Password functionality

6:20 Discovering XSS In the Contact Form

11:15 Building an XSS Cradle that manipulates the DOM to load an external JS file

18:35 Creating an XSS that will send interact with the webchat and exfil messages ba

26:30 Discovering a new subdomain from the Online Chat

30:15 Showing why we could not use Script SRC with our XSS Attack and why we used th

37:34 Looking at the Git Auto Report Generating and discovering it uses simple-git v

44:40 Shell on the box, dumping the mongo database

52:00 Shell as Frank_Dorky

52:30 Looking at the services running on the box to enumerate what each port is

55:30 Showing bad permissions on the LibreNMS Directory which allows us to read and

59:30 Using the Templates in LibreNMS to get code execution

1:04:00 Showing the intended way to exploit LibreNMS which is using a malicious SNMP T

1:17:30 Exploiting the OpenOffice network port