HackTheBox - PC

IppSec · Beginner ·🔐 Cybersecurity ·2y ago

Skills: Tool Use & Function Calling90%Security Basics80%AI Security70%Defensive AI60%

00:00 - Introduction 01:05 - Start of nmap 03:00 - Googling the port number, and reading more about gRPC 04:45 - Install GRPCurl so we can access the gRPC interface 06:30 - Enumerating the grpc interface 10:30 - Registering a user and logging in 13:45 - Using Verbose with GRPCurl to get extra information which includes an JWT 16:20 - Discovering an SQL Injection in the SimpleApp.GetInfo, enumerating the database to discover SQLite 19:45 - Enumerating the SQLite Database (similar to Information_schema with mysql) 21:45 - Using Group_Concat with a union injection to dump all users and passwords, then SSH into the box 24:45 - Discovering PyLoad is running on localhost, setting up an SSH Tunnel to access it 26:00 - Finding a public POC and running it to exploit PyLoad

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Tool Use & Function Calling

View skill →

Adding a Phone Gateway to a Virtual Agent

Administering an AlloyDB Database

Cloud Storage: Qwik Start - CLI/SDK

Cloud Composer: Copying BigQuery Tables Across Different Locations

Getting started with Firebase Cloud Firestore

Getting Started with Liquid to Customize the Looker User Experience

Related AI Lessons

JWKS Is the Part of OAuth Nobody Explains Until Production Breaks

Learn how JWKS works with OAuth and JWTs to secure your app

Medium · Cybersecurity

HTB Path — AI Defense Walkthrough

Learn how to defend against AI-powered attacks with a walkthrough of the HTB Path AI Defense challenge

Medium · Cybersecurity

I Passed the OSCP on My First Attempt - My Study Plan

Learn how to prepare for the OSCP exam with a focused study plan and methodical thinking under pressure

Medium · Cybersecurity

CYBERRAKSHAK TECHNOLOGIES PVT. LTD.

Discover CYBERRAKSHAK TECHNOLOGIES as your partner for cybersecurity and career growth

Medium · Cybersecurity

Chapters (12)

Introduction

1:05 Start of nmap

3:00 Googling the port number, and reading more about gRPC

4:45 Install GRPCurl so we can access the gRPC interface

6:30 Enumerating the grpc interface

10:30 Registering a user and logging in

13:45 Using Verbose with GRPCurl to get extra information which includes an JWT

16:20 Discovering an SQL Injection in the SimpleApp.GetInfo, enumerating the databas

19:45 Enumerating the SQLite Database (similar to Information_schema with mysql)

21:45 Using Group_Concat with a union injection to dump all users and passwords, the

24:45 Discovering PyLoad is running on localhost, setting up an SSH Tunnel to access

26:00 Finding a public POC and running it to exploit PyLoad

Ethical Hacking Career In 60 Seconds | Ethical Hacking Career Roadmap 2026 | #Shorts | #simplilearn