HackTheBox - MonitorsFour

IppSec · Beginner ·☁️ DevOps & Cloud ·1mo ago

Key Takeaways

Demonstrates a cybersecurity challenge using HackTheBox's MonitorsFour

Original Description

00:00 - Introduction 00:57 - Start of nmap 03:20 - Looking at the webpage doing basic enumeration 05:30 - Talking about Orange Tsai Worst Fit -- Doesn't get us anything but a path i went down first 09:50 - Discovering the /user endpoint, fuzzing the token parameter discovering type juggling, cracking hashes 14:40 - Logging into the application, which seems like an odd static page 18:00 - Discovering the Cacti Domain, Logging in and showing we can enumerate if a user is valid or not by a timing attack 23:50 - Exploting CVE-2025-24367 , which lets us create php files on the target 28:40 - Creating the payload to drop the file to get RCE 36:00 - Shell returned. 38:10 - Using bash to be a basic port scanner, then dumping the database 45:00 - Manually exploiting CVE-2025-9074, talking to Docker over HTTP to create a container that mounts the host operating system in a container then reading the flag 55:00 - Getting code execution on the host by looking at scheduled tasks and changing a powershell script that runs every 3 minutes
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Related Reads

Chapters (13)

Introduction
0:57 Start of nmap
3:20 Looking at the webpage doing basic enumeration
5:30 Talking about Orange Tsai Worst Fit -- Doesn't get us anything but a path i we
9:50 Discovering the /user endpoint, fuzzing the token parameter discovering type j
14:40 Logging into the application, which seems like an odd static page
18:00 Discovering the Cacti Domain, Logging in and showing we can enumerate if a use
23:50 Exploting CVE-2025-24367 , which lets us create php files on the target
28:40 Creating the payload to drop the file to get RCE
36:00 Shell returned.
38:10 Using bash to be a basic port scanner, then dumping the database
45:00 Manually exploiting CVE-2025-9074, talking to Docker over HTTP to create a con
55:00 Getting code execution on the host by looking at scheduled tasks and changing
Up next
Containers on Amazon ECS with Mama J
AWS Developers
Watch →