HackTheBox - Kotarak

IppSec · Beginner ·🔐 Cybersecurity ·8y ago

Skills: Network Security90%Ethical Hacking & Pen Testing80%

For the unintentional method, I'm just downloading a file versus doing it live on the box because I wanted to save doing it live for another video. A really good SSRF Presentation: https://www.youtube.com/watch?v=D1S-G8rJrEk 01:38 - Start of nmap 03:40 - Accessing port 60000 06:20 - Manually enumerating ports on localhost via SSRF 07:00 - Using wfuzz to portscan localhost via SSRF 10:00 - Tomcat creds exposed & Uploading tomcat reverse shell 13:40 - Return of shell 14:20 - Extracting NTDS + SYSTEM Hive 20:20 - Using HashKiller to crack the hashes 21:30 - Escalating to Atanas & Identifying wget vulnerability 27:10 - Starting exploit 33:22 - Exploit failed, light debugging 35:40 - Issue found, not listening all interfaces 39:35 - Root shell returned. 40:10 - Unintentional Root Method (Edited Footage, IP Change)

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 29 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Network Security

View skill →

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

Building a High-throughput VPN

Configuring Network Connectivity Center as a Transit Hub

VPC Flow Logs - Analyzing Network Traffic

HackTheBox - Intentions

HackTheBox - Intentions

Google Cloud Packet Mirroring with OpenSource IDS

Related AI Lessons

Why Financial Brands Digital Infrastructure Is Critical for Success

Financial brands' digital infrastructure is crucial for success as it handles sensitive data and requires robust security measures to maintain trust and avoid costly mistakes

Medium · Cybersecurity

Guarding the AI Revolution: Inside AI-Guardian 1.7 and 1.8

Learn about AI-Guardian 1.7 and 1.8, the latest tools to secure AI-powered coding assistants, and why they matter for software development

Medium · Cybersecurity

LetsDefend — Investigate Web Attack

Investigate web attack logs from the bWAPP application to learn about cybersecurity threats and how to defend against them

Medium · Cybersecurity

Breaking OAuth Trust: An Analysis of CVE-2026–45430 in Backdrop CMS

Learn about the critical OAuth vulnerability CVE-2026-45430 in Backdrop CMS and its implications for cybersecurity

Medium · Cybersecurity

Chapters (14)

1:38 Start of nmap

3:40 Accessing port 60000

6:20 Manually enumerating ports on localhost via SSRF

7:00 Using wfuzz to portscan localhost via SSRF

10:00 Tomcat creds exposed & Uploading tomcat reverse shell

13:40 Return of shell

14:20 Extracting NTDS + SYSTEM Hive

20:20 Using HashKiller to crack the hashes

21:30 Escalating to Atanas & Identifying wget vulnerability

27:10 Starting exploit

33:22 Exploit failed, light debugging

35:40 Issue found, not listening all interfaces

39:35 Root shell returned.

40:10 Unintentional Root Method (Edited Footage, IP Change)

How do I resolve the "Kernel panic - not syncing" error in my EC2 instance?

Amazon Web Services