HackTheBox - Obscurity

Name: HackTheBox - Obscurity
Uploaded: 2020-05-09T15:00:17Z
Channel: IppSec
Description: 00:00 - Intro 01:03 - Quick rant about Security through Obscurity and why it can be good 02:30 - Begin of nmap'ing the box 06:30 - Checking out the web...

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

00:00 - Intro 01:03 - Quick rant about Security through Obscurity and why it can be good 02:30 - Begin of nmap'ing the box 06:30 - Checking out the webpage, GoBuster giving weird errors, try WFUZZ 12:05 - Taking a deeper look at the website while we have some recon running 17:45 - Wfuzz found nothing hunting for /$directory/SuperSecureServer.py 18:00 - Doing some Directory Traversal attempts against the webserver, and seeing it looks like its vulnerable 20:50 - Extracting the source code to the webserver by specifying /../SuperSecureServer.py 23:30 - Installing VS Code so we can run this webs…

Watch on YouTube ↗ (saves to browser)

Chapters (26)

Intro

1:03 Quick rant about Security through Obscurity and why it can be good

2:30 Begin of nmap'ing the box

6:30 Checking out the webpage, GoBuster giving weird errors, try WFUZZ

12:05 Taking a deeper look at the website while we have some recon running

17:45 Wfuzz found nothing hunting for /$directory/SuperSecureServer.py

18:00 Doing some Directory Traversal attempts against the webserver, and seeing it l

20:50 Extracting the source code to the webserver by specifying /../SuperSecureServe

23:30 Installing VS Code so we can run this webserver and insert breakpoints

28:20 Creating main.py then running the code in VSCode

36:00 Exploiting the exec() statement in the WebServer

39:00 Explaining that we can't use + for spaces in the url, have to do %20, then tes

45:00 Reverse shell returned

46:50 Turns out the intended way is to find the /develop/ directory. Looking into w

53:30 Copying the SuperSecureCrypt files back to our local box, then reading the sou

56:00 Explaining modulus

59:45 Explaining Known Plaintext Attack

1:03:35 Having trouble deciphering arguments, typing out the arguments on decrypting t

1:07:00 Decrypting the PasswordReminder.txt

1:10:39 Explaining Block Ciphers and how to protect against Known-PlainText

1:11:25 Rant about Initialization Vectors (IV) and why repeating them is bad (WEP)

1:14:30 Looking at the BetterSSH Source Code

1:17:10 Explaining why we can overload the -u parameter of Sudo

1:20:30 Setting up a watch command to copy all files in /tmp/SSH to /dev/shm so we can

1:21:10 Root #1: Exploiting BetterSSH via overloading parameters

1:25:20 Root #2: Cracking the password

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →