HackTheBox - Horizontall

Name: HackTheBox - Horizontall
Uploaded: 2022-02-05T15:21:08Z
Channel: IppSec
Description: 00:00 - Intro 00:57 - Start of nmap, examining the page discovering its all static with no user input 05:20 - Examining the source code of the website 0...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro 00:57 - Start of nmap, examining the page discovering its all static with no user input 05:20 - Examining the source code of the website 06:20 - Running the javascript through a beutifier so we can easily read this, and finding another web endpoint 08:57 - Going to api-prod.horizontall.htb, running gobuster and examining the endpoints 12:00 - Navigating to /admin brings us to a STRAPI login, searching for exploits and finding an RCE 13:50 - Lightly reading the exploit script, we will go more in depth at the end of this video 15:15 - Getting a reverse shell 17:30 - Reverse shell r…

Watch on YouTube ↗ (saves to browser)

Chapters (21)

Intro

0:57 Start of nmap, examining the page discovering its all static with no user inpu

5:20 Examining the source code of the website

6:20 Running the javascript through a beutifier so we can easily read this, and fin

8:57 Going to api-prod.horizontall.htb, running gobuster and examining the endpoint

12:00 Navigating to /admin brings us to a STRAPI login, searching for exploits and f

13:50 Lightly reading the exploit script, we will go more in depth at the end of thi

15:15 Getting a reverse shell

17:30 Reverse shell returned, looking for how the webapp talks to the database

18:50 Explaining why this nginx server uses proxy_pass and has a node app listening

21:20 Dropping an SSH Key and using SSH to access this box, no privilege escalation

25:20 Having a lot of trouble with getting data out of the MySQL Database, not exact

32:20 Going over the LinPEAS Output and discovering port 8000 running laravel

33:50 Going over why we cant see processes from other users

35:30 Using SSH to tunnel port 8000 to our box, allowing us to access laravel, findi

37:52 Finding an exploit and executing code as laravel.

41:08 First script didn't work, looking to see if there are others. This one didn't

42:30 Looks like there's some bad characters with our reverse shell, switching to a

46:00 Explaining why this box isn't the box I wanted to show off FeroxBuster (Recurs

48:40 Looking at the STRAPI Exploit and showing how the patch worked

56:50 Comparing PHP Exploits

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →