HackTheBox - Jupiter

Name: HackTheBox - Jupiter
Uploaded: 2023-10-21T15:00:11Z
Channel: IppSec
Description: 00:00 - Introduction 03:40 - Using gobuster to enum 05:45 - Discovering Raw SQL in the HTTP Request, doing some enumeration to discover it is PostreSQL ...

IppSec · Beginner ·🧠 Large Language Models ·2y ago

00:00 - Introduction 03:40 - Using gobuster to enum 05:45 - Discovering Raw SQL in the HTTP Request, doing some enumeration to discover it is PostreSQL 08:00 - Looking at the PostgreSQL Copy command, which allows for running commands, getting a shell 12:45 - Got a shell as the PostgreSQL user 15:08 - Got a SSH Shell as the PostgreSQL user, then finding port 8888 and enumerating that port 17:00 - Discovered a Jupityr Notebook, using find to discover what users are doing on the box and seeing Juno has network-simulation.yml 18:45 - Putting a shell on Network-Simulation.yml and getting a shell as…

Watch on YouTube ↗ (saves to browser)

Chapters (12)

Introduction

3:40 Using gobuster to enum

5:45 Discovering Raw SQL in the HTTP Request, doing some enumeration to discover it

8:00 Looking at the PostgreSQL Copy command, which allows for running commands, get

12:45 Got a shell as the PostgreSQL user

15:08 Got a SSH Shell as the PostgreSQL user, then finding port 8888 and enumerating

17:00 Discovered a Jupityr Notebook, using find to discover what users are doing on

18:45 Putting a shell on Network-Simulation.yml and getting a shell as juno

23:45 Shell as Juno, looking for jupityr files and discovering the token, which enab

28:45 Jovian can run sattrack as as root (via sudo), running strace to discover that

31:30 Editing the sattrick config to download an authorized_keys file to root's .ssh

33:15 Pretending /root/.ssh didn't exist, getting a shell through cron

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HackTheBox - Jupiter

Chapters (12)

Playlist

Lesson complete!