HackTheBox - Fortune

Name: HackTheBox - Fortune
Uploaded: 2019-08-03T15:00:08Z
Channel: IppSec
Description: 01:04 - Begin of recon 04:41 - Exploring the web page on port 80 06:02 - Using wfuzz to do a special character fuzz to identify odd behavior and discove...

IppSec · Beginner ·🖊️ Copywriting & Content Strategy ·6y ago

01:04 - Begin of recon 04:41 - Exploring the web page on port 80 06:02 - Using wfuzz to do a special character fuzz to identify odd behavior and discover command injection 11:06 - Creating a hotkey in Burpsuite to send requests in repeater pane 11:50 - Start of creating a python program to automate this 17:30 - Script finished 18:30 - Exploring /var/appsrv 21:15 - Exploring authpf 22:30 - Hunting for the signing key for the CA to view HTTPS 24:40 - Copying the certificates to our box 26:00 - Creating and signing a Client Certificate 28:50 - Importing the certificate into FireFox 30:49 - Disco…

Watch on YouTube ↗ (saves to browser)

Chapters (24)

1:04 Begin of recon

4:41 Exploring the web page on port 80

6:02 Using wfuzz to do a special character fuzz to identify odd behavior and discov

11:06 Creating a hotkey in Burpsuite to send requests in repeater pane

11:50 Start of creating a python program to automate this

17:30 Script finished

18:30 Exploring /var/appsrv

21:15 Exploring authpf

22:30 Hunting for the signing key for the CA to view HTTPS

24:40 Copying the certificates to our box

26:00 Creating and signing a Client Certificate

28:50 Importing the certificate into FireFox

30:49 Discovering the reason our certificate isn't working (time of server is behind

31:50 Accessing the HTTPS Website to get a SSH key for NFSUSER

33:40 Discovering additional ports are open after using SSH with NFSUSER

34:45 Installing the NFS-COMMON package to get the showmount binary

35:10 Mounting a NFS Share with Version 2

36:00 Editing our User ID on our box to gain access to the NFS Directories

37:00 Reading mail to discover that the root password is set to the Postgres databas

37:30 Testing if we could setup a SetUID Binary with this NFS (Check Jail Video for

40:20 SSH into the box as Charlie and dumping the database

43:40 Exploring the source code to the web application

47:00 Copying the crypto python script to our box, which will let us decrypt it

47:40 Copying the secrets into the crypto python script and decrypting the password

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →