HackTheBox - MonitorsFour
00:00 - Introduction
00:57 - Start of nmap
03:20 - Looking at the webpage doing basic enumeration
05:30 - Talking about Orange Tsai's Worst Fit -- Doesn't get us anything, but a path I went down first
09:50 - Discovering the /user endpoint, fuzzing the token parameter, discovering type juggling, cracking hashes
14:40 - Logging into the application, which seems like an odd static page
18:00 - Discovering the Cacti domain, logging in and showing we can enumerate if a user is valid or not by a timing attack
23:50 - Exploiting CVE-2025-24367, which lets us create PHP files on the target
28:40 - Creating the payload to drop the file to get RCE
36:00 - Shell returned.
38:10 - Using bash to be a basic port scanner, then dumping the database
45:00 - Manually exploiting CVE-2025-9074, talking to Docker over HTTP to create a container that mounts the host operating system in a container then reading the flag
55:00 - Getting code execution on the host by looking at scheduled tasks and changing a PowerShell script that runs every 3 minutes