HackTheBox - MetaTwo

Name: HackTheBox - MetaTwo
Uploaded: 2023-04-29T15:02:04Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap, attempting to login with FTP then going to the website 02:45 - Running WPScan with enumerate all plugins in ...

IppSec · Beginner ·🔐 Cybersecurity ·2y ago

00:00 - Introduction 01:00 - Start of nmap, attempting to login with FTP then going to the website 02:45 - Running WPScan with enumerate all plugins in aggressive mode 04:00 - Taking a look at the site while WPScan runs and finding a plugin (BookingPress-Appointment-Booking) and finding an exploit 06:15 - Replacing the NONCE in the exploit to get it working 09:00 - Using SQLMap to dump everything, while we attempt to get only the data we think we are interested in. 11:00 - Manually dumping the WP_USERS table with the SQL Injection 13:25 - Cracking the wordpress hashes to get a user credential…

Watch on YouTube ↗ (saves to browser)

Chapters (14)

Introduction

1:00 Start of nmap, attempting to login with FTP then going to the website

2:45 Running WPScan with enumerate all plugins in aggressive mode

4:00 Taking a look at the site while WPScan runs and finding a plugin (BookingPress

6:15 Replacing the NONCE in the exploit to get it working

9:00 Using SQLMap to dump everything, while we attempt to get only the data we thin

11:00 Manually dumping the WP_USERS table with the SQL Injection

13:25 Cracking the wordpress hashes to get a user credential

16:57 EDIT: Playing with SQLMap to get it to dump this database

23:30 Searching for Wordpress 5.6.2 exploits, discovering an XXE in WAV Files

25:20 Using the XXE to exfil files off the webserver

30:20 Discovering FTP Credentials in the WP Config, logging into the FTP Server and

32:40 Logging in as JNelson and seeing PassPie, which is a CLI Password Manager that

34:30 Cracking to PGP/GPG Key with John and getting root

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →