HackTheBox - Intuition

Name: HackTheBox - Intuition
Uploaded: 2024-09-14T15:01:01Z
Channel: IppSec
Description: 00:00 - Introduction 01:07 - Start of nmap 04:00 - Discovering the application is flask based upon 404 page, showing Werkzeug source to show where the e...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:07 - Start of nmap 04:00 - Discovering the application is flask based upon 404 page, showing Werkzeug source to show where the error comes from 08:30 - Noticing the cookie is odd but since input is escaped, it doesn't look that insecure 10:40 - Discovering XSS in the Report Submission form and stealing cookies and get a moderator cookie 17:20 - In the Moderator Panel, set to high priority, xss again to get administrator 22:00 - Playing with the Report URL on the Create Report Page 31:50 - Discovering Python URLLib 3.11 has a URL Parsing vulnerability CVE-2023-24329 34:1…

Watch on YouTube ↗ (saves to browser)

Chapters (19)

Introduction

1:07 Start of nmap

4:00 Discovering the application is flask based upon 404 page, showing Werkzeug sou

8:30 Noticing the cookie is odd but since input is escaped, it doesn't look that in

10:40 Discovering XSS in the Report Submission form and stealing cookies and get a m

17:20 In the Moderator Panel, set to high priority, xss again to get administrator

22:00 Playing with the Report URL on the Create Report Page

31:50 Discovering Python URLLib 3.11 has a URL Parsing vulnerability CVE-2023-24329

34:11 Getting /etc/passwd, then grabbing the source to the application and discoveri

40:20 Shell returned, grabbing the SQLite Database and getting a password

48:50 Downloading the source to runner1 off the FTP Server

54:20 Using hashcat bruteforce to crack the AUTH_KEY since we know all but the last

56:30 Discovering Suricata is running, looking at logs to get the credential lopez u

1:04:30 Playing with Runner2, figuring out the JSON it wants

1:09:40 Exploiting the command injection because its using system() when installing a

1:13:20 Getting code execution another way! Using an ansible vulnerability CVE-2023-51

1:22:20 A completely unintended exploit, using the Selenium Grid container

1:24:20 Escaping the Firefox process/Kiosk by having PDF's open Bash

1:26:20 We are root on the container, low privilege on the host - In this scenario we

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →