HackTheBox - Moderators

Name: HackTheBox - Moderators
Uploaded: 2022-11-05T14:59:24Z
Channel: IppSec
Description: 00:00 - Intro 01:05 - Start of nmap, then going over the website 03:30 - Examining all the pages on the blog 04:40 - Looking at the report parameter, do...

IppSec · Beginner ·🔐 Cybersecurity ·3y ago

00:00 - Intro 01:05 - Start of nmap, then going over the website 03:30 - Examining all the pages on the blog 04:40 - Looking at the report parameter, doing some light testing for SQL Injection before moving on to IDOR 07:00 - Using ffuf to bruteforce all reports matching upon a word (phrase) on the page 11:00 - Attempting to figure out if the md5sum in the logs URL is random by submitting the hash to crackstation 13:00 - Discovering a file upload vulnerability, faking a PDF and uploading a PHP Shell 18:25 - When using a PHP Shell System() commands don't work. Uploading PHPInfo to view disabled…

Watch on YouTube ↗ (saves to browser)

Chapters (24)

Intro

1:05 Start of nmap, then going over the website

3:30 Examining all the pages on the blog

4:40 Looking at the report parameter, doing some light testing for SQL Injection be

7:00 Using ffuf to bruteforce all reports matching upon a word (phrase) on the page

11:00 Attempting to figure out if the md5sum in the logs URL is random by submitting

13:00 Discovering a file upload vulnerability, faking a PDF and uploading a PHP Shel

18:25 When using a PHP Shell System() commands don't work. Uploading PHPInfo to view

21:00 Getting code execution through Popen() which wasn't blacklisted

24:30 Reverse shell returned

26:55 Discovering another webserver is running on localhost, turns out to be Wordpre

29:50 Exploiting the wordpress plugin BrandFolder to get a shell as Lexi

35:00 Lexi has an SSH Key, using SSH to access the server and then setting up a tunn

40:55 Using MySQL to reset a wordpress password, so we can log in

43:50 Gaining access to the box as John

46:30 Finding a Virtual Box file that has an encrypted VDI

48:20 Using Hashcat to crack the VirtualBox VDI File

52:55 Installing the VirtualBox extension that would allow us to utilize an encrypte

56:45 Decrypting the VirtualBox VDI Image with VBoxManage

58:45 Mounting the VirtualBox VDI Image and discovering the hard drive is encrytped

59:50 Cracking the LUKS v2 Password

1:02:00 Mounting the Luks Drive then discovering a bunch of scripts

1:03:55 Doing some bash-fu to extract all variables and run them against the ent comma

1:08:50 Another fun trick to find passphrases. Creating a regex to path for WORDS_sepe

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →