HackTheBox - Ready

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

Skills: Security Basics90%AI Security80%Defensive AI70%

00:00 - Intro 01:20 - Start of nmap discovering gitlab 02:30 - Registering for an account, then finding the version 04:30 - Searching the GitLab commit history to see the patch changing how localhost is verified 07:20 - Using the import repo from URL feature to force the server to make a request 09:10 - Attempting SSRF Attacks with Gopher 11:50 - Successfully got the server to connect back using git with line breaks 13:00 - Finding a gitlab RCE Path from SSRF using Redis 15:50 - Failing to gttempting to get RCE 20:30 - Ping isn't working, trying Whoami with NC 24:00 - Finally get RCE with whoami and putting a space at the end of our payload 26:20 - Attempting to get a Reverse Shell 29:40 - Using CyberChef to get rid of the plus in our base64 paylaod 33:00 - Reverse Shell Returned 37:00 - DeepCE didn't give us much, running linPEAS again 40:15 - Finding the SMTP Password in a backup which is the root password 41:40 - Mounting the hosts disk to get root

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Security Basics

View skill →

HackTheBox - Analytics

HackTheBox - Analytics

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

Amazon Web Services

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Configure and Deploy AWS Client VPN

Configure and Deploy AWS Client VPN

Related AI Lessons

Virtual Keyboard Login with PingOne Advanced Identity Cloud

Learn how to use a virtual keyboard for secure login with PingOne Advanced Identity Cloud to prevent keylogger attacks

Medium · Cybersecurity

Why Businesses Quietly Accept Technology Friction as “Normal”

Businesses often accept technology friction as normal, but it can have significant impacts on productivity and security

Medium · Cybersecurity

The Model You Just Downloaded Might Own Your Network — What I Learned Building Defenses Against AI…

AI models from public repositories can pose a significant threat to enterprise security due to poisoned weights, and learning to defend against them is crucial

Medium · Cybersecurity

I Found Backdoored AI Models on Hugging Face — And So Has Everyone Else Who Bothered to Look

Backdoored AI models are prevalent on Hugging Face, posing a significant security risk to the AI supply chain, and it's crucial to secure it

Medium · Cybersecurity

Chapters (17)

Intro

1:20 Start of nmap discovering gitlab

2:30 Registering for an account, then finding the version

4:30 Searching the GitLab commit history to see the patch changing how localhost is

7:20 Using the import repo from URL feature to force the server to make a request

9:10 Attempting SSRF Attacks with Gopher

11:50 Successfully got the server to connect back using git with line breaks

13:00 Finding a gitlab RCE Path from SSRF using Redis

15:50 Failing to gttempting to get RCE

20:30 Ping isn't working, trying Whoami with NC

24:00 Finally get RCE with whoami and putting a space at the end of our payload

26:20 Attempting to get a Reverse Shell

29:40 Using CyberChef to get rid of the plus in our base64 paylaod

33:00 Reverse Shell Returned

37:00 DeepCE didn't give us much, running linPEAS again

40:15 Finding the SMTP Password in a backup which is the root password

41:40 Mounting the hosts disk to get root

VPC Service Controls: Day Two Operations