HackTheBox - OpenKeyS

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

00:00 - Introduction 00:31 - Begin of nmap 01:10 - Nmap shows it is BSD, going over some command differences 02:00 - Running GoBuster to find other PHP Scripts 04:30 - Looking at the includes directory and finding source code 10:14 - Reversing the Check_Auth binary with Ghidra, to see it doesn't decompile well 12:00 - Using VirusTotal to find out if this an old binary 13:20 - Using Cutter to decompile this binary, to see it does a better job than Ghidra! 17:50 - Finding some BSD Exploits related to authentication 20:00 - Putting SCHALLENGE as the username, causes a different error message. Then doing some code analysis around $_REQUEST 24:50 - Abusing the $_REQUEST() feature to overwrite the username file with a valid user and grab their SSH Key 26:10 - Showing how OpenBSD has some different command line switches 31:00 - Going back to the earlier CVE, since it showed a privesc aswell and explaining CVE-2019-19520 40:45 - EXTRA: Looking at the PHP Code to explain the $_REQUEST exploit again

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

HDFC AMC Just Confirmed a Cybersecurity Incident.

HDFC AMC confirms cybersecurity incident after anonymous source claims access to IT systems, highlighting need for robust security measures

Medium · Cybersecurity

BEFORE YOU TOUCH THE TARGET: A PASSIVE AND ACTIVE RECON WALK-THROUGH FOR CYBERSECURITY…

Conduct thorough reconnaissance before exploiting a target to gather crucial information for a successful cybersecurity operation

Medium · Cybersecurity

Virtual Keyboard Login with PingOne Advanced Identity Cloud

Learn how to use a virtual keyboard for secure login with PingOne Advanced Identity Cloud to prevent keylogger attacks

Medium · Cybersecurity

Why Businesses Quietly Accept Technology Friction as “Normal”

Businesses often accept technology friction as normal, but it can have significant impacts on productivity and security

Medium · Cybersecurity

Chapters (14)

Introduction

0:31 Begin of nmap

1:10 Nmap shows it is BSD, going over some command differences

2:00 Running GoBuster to find other PHP Scripts

4:30 Looking at the includes directory and finding source code

10:14 Reversing the Check_Auth binary with Ghidra, to see it doesn't decompile well

12:00 Using VirusTotal to find out if this an old binary

13:20 Using Cutter to decompile this binary, to see it does a better job than Ghidra

17:50 Finding some BSD Exploits related to authentication

20:00 Putting SCHALLENGE as the username, causes a different error message. Then doi

24:50 Abusing the $_REQUEST() feature to overwrite the username file with a valid us

26:10 Showing how OpenBSD has some different command line switches

31:00 Going back to the earlier CVE, since it showed a privesc aswell and explaining

40:45 EXTRA: Looking at the PHP Code to explain the $_REQUEST exploit again

VPC Service Controls: Day Two Operations