HackTheBox - Pandora

Name: HackTheBox - Pandora
Uploaded: 2022-05-21T15:00:27Z
Channel: IppSec
Description: 00:00 - Intro 00:58 - Start of nmap 05:10 - Using nmap to scan NMAP 07:20 - Doing a SNMPWalk talking about SNMP Mibs and how to install them, then using...

IppSec · Beginner ·📊 Data Analytics & Business Intelligence ·3y ago

00:00 - Intro 00:58 - Start of nmap 05:10 - Using nmap to scan NMAP 07:20 - Doing a SNMPWalk talking about SNMP Mibs and how to install them, then using snmpbulkwalk to speed up the scan 09:50 - Finding all the unique fields in our SNMPWalk with grep, sort, and uniq. Which helps find fields of value 16:00 - SNMP Allowed us to view running processes on a box, a password was in the argument so we can ssh in 18:50 - SSH into the box and looking at the webserver files and configs 20:35 - Looking at Apache's config seeing there's a different site available to localhost, doing a SSH Tunnel to acces…

Watch on YouTube ↗ (saves to browser)

Chapters (20)

Intro

0:58 Start of nmap

5:10 Using nmap to scan NMAP

7:20 Doing a SNMPWalk talking about SNMP Mibs and how to install them, then using s

9:50 Finding all the unique fields in our SNMPWalk with grep, sort, and uniq. Whic

16:00 SNMP Allowed us to view running processes on a box, a password was in the argu

18:50 SSH into the box and looking at the webserver files and configs

20:35 Looking at Apache's config seeing there's a different site available to localh

23:20 Finding an unauthenticated pandora fms exploit via google, playing with the in

27:45 Using SQLMap to automatically dump the database of pandora

36:45 Testing sessions, should have used wfuzz or something to test all of these qui

37:30 Using the union injection to login as admin by placing a php serialized object

39:00 With admin access to Pandora FMS we can upload a shell and get code execution

43:33 Going over LinPEAS Results

47:30 Finding a custom SetUID File called Pandora_Backup

49:00 Running strings against the binary shows the tar command without an absolute p

50:45 Showing the path traversal

52:30 The exploit didn't work because something isn't letting us do a SetUID. Diggin

56:30 Using SSH to log into the box and then running the exploit and seeing it works

59:25 Showing the intended way to exploit Pandora, just finding a valid session cook

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HackTheBox - Pandora

Chapters (20)

Playlist

Lesson complete!