HackTheBox - Jarvis

IppSec · Intermediate ·📊 Data Analytics & Business Intelligence ·6y ago

Skills: SQL Analytics80%Tool Use & Function Calling70%Data Literacy60%

01:00 - Begin of Recon 02:30 - Running Gobuster and examining the web page 05:10 - Room.php is the only page that accepts user input, basic testing for SQL Injection 05:40 - Using wfuzz to fuzz for special characters then getting our IP Banned :( 10:00 - Unbanned, running wfuzz again and examining unique responses 13:00 - Showing several ways to test for SQL Injection (subtraction and hex()) 16:30 - Examining the MySQL Query Structure 17:30 - Explaining Union Injection 21:15 - Nested queries with union statements 23:20 - Extracting information out of Information_Schema to databases, tables, columns 24:08 - Using LIMIT to ensure only one row is returned 25:25 - Using GROUP_CONCAT to allow us to return multiple rows within union 32:20 - Extracting Mysql users/passwords then cracking MySQL (mode 300) 35:10 - Another way to get the password, LOAD_FILE() to view PHP Source Code 42:30 - PHPMyAdmin 4.8.0 RCE (LFI + Tainted PHP Cookie) 57:40 - Dropping a shell via the PHPMyAdmin exploit 59:30 - ALTERNATE Way to get Shell:Dropping a file from the SQL Injection 01:03:52 - Examining the PHP Cookie to see what happened with the PHPMyAdmin stuff 01:05:45 - Examing the Python Script we can execute as pepper with sudo 01:10:40 - We can execute code with $() but theres bad characters, so drop a bash script to disk 01:15:00 - Running find to look for setuid binaries, discover systemctl then check GTFO Bins 01:21:15 - Copying our Sysmctl Scripts out of /tmp then creating our malicious service

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: SQL Analytics

View skill →

Loading Data into Google Cloud SQL

Analyzing Billing Data with BigQuery

Relational Database Design – Full Course

Relational Database Design – Full Course

freeCodeCamp.org

Analyze and Manage HR Databases Using MySQL

Analyze and Manage HR Databases Using MySQL

Analyze E-Commerce Data Using PostgreSQL

Analyze E-Commerce Data Using PostgreSQL

The ORDER BY Statement in SQL : Data Science Code

The ORDER BY Statement in SQL : Data Science Code

Related AI Lessons

Why Real-Time Analytics Eventually Changes Your Database Architecture

Real-time analytics can drastically change your database architecture, learn why and how to adapt

Dev.to · Mohamed Hussain S

Day 43: Hypothesis Testing & Statistical Analysis — Understanding How Data Makes Decisions

Learn hypothesis testing and statistical analysis to make data-driven decisions

Day 43: Hypothesis Testing & Statistical Analysis — Understanding How Data Makes Decisions

Learn hypothesis testing and statistical analysis to make data-driven decisions

Medium · Machine Learning

I Spoke With 8 Interviewers. I Expected an Offer. They Asked for a 9th Round.

Learn how to navigate lengthy interview processes and improve your chances of landing a job in a competitive market

Medium · Data Science

Chapters (22)

1:00 Begin of Recon

2:30 Running Gobuster and examining the web page

5:10 Room.php is the only page that accepts user input, basic testing for SQL Injec

5:40 Using wfuzz to fuzz for special characters then getting our IP Banned :(

10:00 Unbanned, running wfuzz again and examining unique responses

13:00 Showing several ways to test for SQL Injection (subtraction and hex())

16:30 Examining the MySQL Query Structure

17:30 Explaining Union Injection

21:15 Nested queries with union statements

23:20 Extracting information out of Information_Schema to databases, tables, columns

24:08 Using LIMIT to ensure only one row is returned

25:25 Using GROUP_CONCAT to allow us to return multiple rows within union

32:20 Extracting Mysql users/passwords then cracking MySQL (mode 300)

35:10 Another way to get the password, LOAD_FILE() to view PHP Source Code

42:30 PHPMyAdmin 4.8.0 RCE (LFI + Tainted PHP Cookie)

57:40 Dropping a shell via the PHPMyAdmin exploit

59:30 ALTERNATE Way to get Shell:Dropping a file from the SQL Injection

1:03:52 Examining the PHP Cookie to see what happened with the PHPMyAdmin stuff

1:05:45 Examing the Python Script we can execute as pepper with sudo

1:10:40 We can execute code with $() but theres bad characters, so drop a bash script

1:15:00 Running find to look for setuid binaries, discover systemctl then check GTFO B

1:21:15 Copying our Sysmctl Scripts out of /tmp then creating our malicious service

Hedge Fund Performance and Risk Metrics