HackTheBox - Ready

Name: HackTheBox - Ready
Uploaded: 2021-05-15T15:00:21Z
Channel: IppSec
Description: 00:00 - Intro 01:20 - Start of nmap discovering gitlab 02:30 - Registering for an account, then finding the version 04:30 - Searching the GitLab commit ...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro 01:20 - Start of nmap discovering gitlab 02:30 - Registering for an account, then finding the version 04:30 - Searching the GitLab commit history to see the patch changing how localhost is verified 07:20 - Using the import repo from URL feature to force the server to make a request 09:10 - Attempting SSRF Attacks with Gopher 11:50 - Successfully got the server to connect back using git with line breaks 13:00 - Finding a gitlab RCE Path from SSRF using Redis 15:50 - Failing to gttempting to get RCE 20:30 - Ping isn't working, trying Whoami with NC 24:00 - Finally get RCE with whoa…

Watch on YouTube ↗ (saves to browser)

Chapters (17)

Intro

1:20 Start of nmap discovering gitlab

2:30 Registering for an account, then finding the version

4:30 Searching the GitLab commit history to see the patch changing how localhost is

7:20 Using the import repo from URL feature to force the server to make a request

9:10 Attempting SSRF Attacks with Gopher

11:50 Successfully got the server to connect back using git with line breaks

13:00 Finding a gitlab RCE Path from SSRF using Redis

15:50 Failing to gttempting to get RCE

20:30 Ping isn't working, trying Whoami with NC

24:00 Finally get RCE with whoami and putting a space at the end of our payload

26:20 Attempting to get a Reverse Shell

29:40 Using CyberChef to get rid of the plus in our base64 paylaod

33:00 Reverse Shell Returned

37:00 DeepCE didn't give us much, running linPEAS again

40:15 Finding the SMTP Password in a backup which is the root password

41:40 Mounting the hosts disk to get root

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →