HackTheBox - Love

IppSec · Intermediate ·🛡️ AI Safety & Ethics ·4y ago

00:00 - Intro 01:02 - Running nmap against all ports 04:55 - Attempting to enumerate the initial web page (Voting System) 08:00 - Nmap finished, checking staging.love.htb from the SSL Certificate 10:05 - Finding an SSRF Vulnerability in the file scanner 12:30 - Having trouble using WFUZZ to fuzz all ports 17:45 - Switching to FFUF and still having trouble to fuzz all ports 24:30 - Fuzzing takes too long, trying ports from nmap to see if any page is restricted by IP and findig creds 29:45 - Attempting to use an exploit script for Voting System (More at end of video) 39:40 - Enough with the exploit script, manually exploiting the application with an image upload 43:43 - Using Nishang to get a reverse shell, then running WinPEAS 52:30 - Seeing AlwaysInstallElevated is set on the system, using msfvenom to build an msi 54:45 - Box Done - Going back to the exploit script and getting it working

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

Start Here: YOSHIMI Nakane / Human Dignity Architect

Learn about YOSHIMI Nakane, a Human Dignity Architect, and the concept of designing human recognition, dignity, and value in the age of AI

What Is AI Jailbreaking? The Security Challenge Reshaping LLMs

Learn about AI jailbreaking, a security challenge that threatens LLMs by bypassing safety guardrails and content filters, and why it matters for AI development

AI Is Forcing Us to Redefine What It Means to Be Smart

AI is redefining what it means to be smart, shifting focus from technical problem-solving to deeper human intelligence

Gait Recognition: The Next Frontier in Biometric Security using AI

Learn how gait recognition using AI is revolutionizing biometric security and why it matters for cybersecurity and identity management

Medium · Cybersecurity

Chapters (13)

Intro

1:02 Running nmap against all ports

4:55 Attempting to enumerate the initial web page (Voting System)

8:00 Nmap finished, checking staging.love.htb from the SSL Certificate

10:05 Finding an SSRF Vulnerability in the file scanner

12:30 Having trouble using WFUZZ to fuzz all ports

17:45 Switching to FFUF and still having trouble to fuzz all ports

24:30 Fuzzing takes too long, trying ports from nmap to see if any page is restricte

29:45 Attempting to use an exploit script for Voting System (More at end of video)

39:40 Enough with the exploit script, manually exploiting the application with an im

43:43 Using Nishang to get a reverse shell, then running WinPEAS

52:30 Seeing AlwaysInstallElevated is set on the system, using msfvenom to build an

54:45 Box Done - Going back to the exploit script and getting it working

AI Management Essentials: Integrating ISO 42001 & ISO 23894