HackTheBox - Obscurity

00:00 - Intro 01:03 - Quick rant about Security through Obscurity and why it can be good 02:30 - Begin of nmap'ing the box 06:30 - Checking out the webpage, GoBuster giving weird errors, try WFUZZ 12:05 - Taking a deeper look at the website while we have some recon running 17:45 - Wfuzz found nothing hunting for /$directory/SuperSecureServer.py 18:00 - Doing some Directory Traversal attempts against the webserver, and seeing it looks like its vulnerable 20:50 - Extracting the source code to the webserver by specifying /../SuperSecureServer.py 23:30 - Installing VS Code so we can run this webserver and insert breakpoints 28:20 - Creating main.py then running the code in VSCode 36:00 - Exploiting the exec() statement in the WebServer 39:00 - Explaining that we can't use + for spaces in the url, have to do %20, then testing a reverse shell 45:00 - Reverse shell returned 46:50 - Turns out the intended way is to find the /develop/ directory. Looking into why wfuzz missed it 53:30 - Copying the SuperSecureCrypt files back to our local box, then reading the source 56:00 - Explaining modulus 59:45 - Explaining Known Plaintext Attack 01:03:35 - Having trouble deciphering arguments, typing out the arguments on decrypting the key 01:07:00 - Decrypting the PasswordReminder.txt 01:10:39 - Explaining Block Ciphers and how to protect against Known-PlainText 01:11:25 - Rant about Initialization Vectors (IV) and why repeating them is bad (WEP) 01:14:30 - Looking at the BetterSSH Source Code 01:17:10 - Explaining why we can overload the -u parameter of Sudo 01:20:30 - Setting up a watch command to copy all files in /tmp/SSH to /dev/shm so we can crack them later 01:21:10 - Root #1: Exploiting BetterSSH via overloading parameters 01:25:20 - Root #2: Cracking the password