HackTheBox - Interpreter
00:00 - Introduction
00:46 - Start of nmap
05:30 - Looking at CVE-2023-43208, Exploiting Mirth Connect 4.4.0
07:45 - Extracting the payload from python so we can send it via the API, getting ping to work to verify RCE
09:22 - Getting a reverse shell working in one-shot, weird oddity due to Java Deserialization
13:10 - Reverse shell returned, dumping the database
16:00 - Looking at Mirth Connect Source Code to see how the passwords are stored, then getting the passwords in a format hashcat likes to crack
27:00 - SSH as Sedric, discovering an app listening on port 54321, doing some weird eval
36:20 - Getting a payload to the custom webserver, troubleshooting XML Schema validation
40:20 - Confirming code execution then building a payload to get a shell
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
More on: Network Security
View skill →
Related AI Lessons
⚡
⚡
⚡
⚡
6 Signs That Total Surveillance Is Coming FAST
Medium · AI
Security Architecture: Designing Secure Systems from the Ground Up
Medium · Cybersecurity
Structural exclusion is the only defense that scales
Dev.to AI
Why Your Bank Account May Not Be Safe After a Single Click
Medium · Cybersecurity
Chapters (10)
Introduction
0:46
Start of nmap
5:30
Looking at CVE-2023-43208, Exploiting Mirth Connect 4.4.0
7:45
Extracting the payload from python so we can send it via the API, getting ping
9:22
Getting a reverse shell working in one-shot, weird oddity due to Java Deserial
13:10
Reverse shell returned, dumping the database
16:00
Looking at Mirth Connect Source Code to see how the passwords are stored, then
27:00
SSH as Sedric, discovering an app listening on port 54321, doing some weird ev
36:20
Getting a payload to the custom webserver, troubleshooting XML Schema validati
40:20
Confirming code execution then building a payload to get a shell
🎓
Tutor Explanation
DeepCamp AI