HackTheBox - Kryptos

Name: HackTheBox - Kryptos
Uploaded: 2019-09-21T15:00:00Z
Channel: IppSec
Description: 00:45 - Begin of Recon 02:50 - Examining login request while GoBuster runs 05:35 - Noticing weird behavior by modifying db parameter in login request 07...

IppSec · Beginner ·🔐 Cybersecurity ·6y ago

00:45 - Begin of Recon 02:50 - Examining login request while GoBuster runs 05:35 - Noticing weird behavior by modifying db parameter in login request 07:30 - Finding what the Error numbers mean. (SQL Error Codes) 08:50 - Testing if we can trick the application into authentication against us 09:50 - Starting up metasploit to steal the login hash of a MYSQL Login 12:30 - Cracking the MySQL Hash with Hashcat 16:45 - Creating a databse locally for the application to authenticate to 23:00 - Examining what MySQL Does after authentication in Wireshark 24:30 - Creating the database structure so the ap…

Watch on YouTube ↗ (saves to browser)

Chapters (31)

0:45 Begin of Recon

2:50 Examining login request while GoBuster runs

5:35 Noticing weird behavior by modifying db parameter in login request

7:30 Finding what the Error numbers mean. (SQL Error Codes)

8:50 Testing if we can trick the application into authentication against us

9:50 Starting up metasploit to steal the login hash of a MYSQL Login

12:30 Cracking the MySQL Hash with Hashcat

16:45 Creating a databse locally for the application to authenticate to

23:00 Examining what MySQL Does after authentication in Wireshark

24:30 Creating the database structure so the application will authenticate against o

27:00 Begin of the File Encryptor PHP App

27:30 Performing a Known Plaintext attack against the RC4 Encryption

28:50 Explaining the Known Plaintext

37:00 Creating a Python Script to perform a SSRF attack and decrypt content

54:25 Script done, discovering a LFI Exploit in /dev/

57:30 Using PHP Filters to convert LFI to source code disclosure

59:50 Extracting sqlite_test_page.php source code

1:01:00 Manually analyzing the source code to discover a way to write files

1:03:00 Checking PayloadAllTheThings to get a payload for dropping files

1:15:38 Testing dropping a php script for code execution

1:18:00 Using Chankro to bypass PHP Disabled functions

1:20:45 Creating a PHP Script to download Chankro Script to avoid bad characters in th

1:24:50 Reverse shell returned, finding a VIMCrypted file in Rijndael Home

1:25:35 Decrypting Creds.txt with a known plaintext attack in VimCrypt 02 (Blowfish)

1:28:20 Downloading the files to our local box and explaining the attack

1:30:30 Copying our Python Script from earlier and modify it to work with our VIM File

1:38:20 Decrypted the creds and use them to SSH

1:39:10 Analyzing the kryptos.py file

1:41:00 Testing how random the random is

1:46:00 Creating a python script to bruteforce the key as we know the randomness is br

1:57:00 Scr

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →