HackTheBox - PermX

Name: HackTheBox - PermX
Uploaded: 2024-11-02T15:00:01Z
Channel: IppSec
Description: 00:00 - Introduction 00:50 - Start of nmap 02:45 - Using FFUF to fuzz for virtual hosts (sub domains) 05:00 - Discovering the LMS Sub Domain which hosts...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 00:50 - Start of nmap 02:45 - Using FFUF to fuzz for virtual hosts (sub domains) 05:00 - Discovering the LMS Sub Domain which hosts Chamilo, talking about enumerating versions of opensource applications 07:00 - Start of talking about pulling MD5's of every file in a .git, so we can see when a file got introduced 11:15 - The bash one-liner for searching git for an MD5 is done, looking at when the date of commit was. 12:30 - Turning our one-liner into a bash function then putting it in BashRC 15:30 - Hunting for an exploit, finding python script to see how it works. Just us…

Watch on YouTube ↗ (saves to browser)

Chapters (14)

Introduction

0:50 Start of nmap

2:45 Using FFUF to fuzz for virtual hosts (sub domains)

5:00 Discovering the LMS Sub Domain which hosts Chamilo, talking about enumerating

7:00 Start of talking about pulling MD5's of every file in a .git, so we can see wh

11:15 The bash one-liner for searching git for an MD5 is done, looking at when the d

12:30 Turning our one-liner into a bash function then putting it in BashRC

15:30 Hunting for an exploit, finding python script to see how it works. Just using

18:25 Shell returned, looking for the configuration, finding a user has the same pas

23:15 The MTZ User can run a bash script with sudo, looking at it and discovering it

24:30 Creating a symlink to sudoers, running sudo to give us write access, then allo

27:30 Showing that we cannot replace SetUID Binaries because the SetUID permission g

29:30 Showing that cron will refuse to run tasks if the permissions are too open, mo

33:40 Showing we cannot edit symlinks if we cannot go into the directory the target

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →