HackTheBox - OnlyForYou

IppSec · Beginner ·🔐 Cybersecurity ·2y ago

Skills: AI Security90%Defensive AI80%Security Basics70%

00:00 - Introduction 01:00 - Start of nmap 03:20 - Discovering beta.only4you.htb 03:55 - Downloading the source, scanning with Snyk and discovering a File Disclosure vuln 05:15 - Demonstrating that os.path.join in python will do unexpected things if a path begins with slash 07:30 - Failing to get /proc/self/environ, not sure why we failed here 09:20 - Grabbing the nginx configuration to discover where the websites are stored, using the File Disclosure Vuln to leak source of main website 11:15 - Discovering a vulnerability when sending mail 12:10 - Talking about how we will bypass the bad character check, the Re.Match will only match the start, not entire string 16:10 - Getting code execution from the contact form 18:45 - Reverse shell returned, looking for databases, and discovering a few ports listening on localhost 22:30 - Uploading Chisel so we can access ports 3000 and 8001 25:40 - Start of Neo4j Injection, discovering we are in a contains statement 30:00 - Going to HackTricks and discovering we can use LOAD CSV to leak data out of band 32:25 - Leaking the labels, then grabbing users and hashes 38:30 - Logging in with John, discovering we can use sudo with pip to download a tar off GOGS 40:25 - Creating a malicious python package for us to download, then uploading to gogs 44:10 - Showing that the pip download command will execute setup.py and getting root

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

NordVPN vs ExpressVPN in 2026: Which is Honestly Better?

Learn how to choose between NordVPN and ExpressVPN based on your needs in 2026

Medium · Cybersecurity

Top 5 reasons schools are switching to lab-based training

Schools are adopting lab-based training for cybersecurity courses, providing hands-on experience and better preparation for future tasks

Why bug bounty income is harder than it looks: the New Hacker trial cap and six compound mistakes that wasted a full day

Bug bounty hunting is more challenging than it seems, with trial caps and common mistakes wasting time and effort

Dev.to · Jaeyoung Yun

How I Investigated a Lumma Stealer Attack Disguised as a Windows 11 Update

Learn how to investigate a Lumma Stealer attack disguised as a Windows 11 update and improve your cybersecurity skills

Medium · Cybersecurity

Chapters (18)

Introduction

1:00 Start of nmap

3:20 Discovering beta.only4you.htb

3:55 Downloading the source, scanning with Snyk and discovering a File Disclosure v

5:15 Demonstrating that os.path.join in python will do unexpected things if a path

7:30 Failing to get /proc/self/environ, not sure why we failed here

9:20 Grabbing the nginx configuration to discover where the websites are stored, us

11:15 Discovering a vulnerability when sending mail

12:10 Talking about how we will bypass the bad character check, the Re.Match will on

16:10 Getting code execution from the contact form

18:45 Reverse shell returned, looking for databases, and discovering a few ports lis

22:30 Uploading Chisel so we can access ports 3000 and 8001

25:40 Start of Neo4j Injection, discovering we are in a contains statement

30:00 Going to HackTricks and discovering we can use LOAD CSV to leak data out of ba

32:25 Leaking the labels, then grabbing users and hashes

38:30 Logging in with John, discovering we can use sudo with pip to download a tar o

40:25 Creating a malicious python package for us to download, then uploading to gogs

44:10 Showing that the pip download command will execute setup.py and getting root

Business Security, Governance, & Incident Response