HackTheBox - Redcross

Name: HackTheBox - Redcross
Uploaded: 2019-04-13T15:00:00Z
Channel: IppSec
Description: 00:20 - Flow chart of potential paths through this box 02:25 - Begin of recon, SSL Enumeration, examining PHP Behavior 06:23 - Using GoBuster to dicover...

IppSec · Beginner ·🔐 Cybersecurity ·6y ago

00:20 - Flow chart of potential paths through this box 02:25 - Begin of recon, SSL Enumeration, examining PHP Behavior 06:23 - Using GoBuster to dicover directories, pdf's, and php scripts 08:10 - Using wfuzz to discover subdomains (virtual host routing) 12:15 - Guessing credential, logging in with guest:guest disover SQL Injection 16:45 - Manually doing an error-based SQL Injection with extractquery() ** Go watch the Enterprise Video if you want Double Query Based Errors ** 31:50 - A good screenshot showing the SQL Inject Queries used, then cracking 35:00 - Doing the SQLInjection with SQLMap,…

Watch on YouTube ↗ (saves to browser)

Chapters (25)

0:20 Flow chart of potential paths through this box

2:25 Begin of recon, SSL Enumeration, examining PHP Behavior

6:23 Using GoBuster to dicover directories, pdf's, and php scripts

8:10 Using wfuzz to discover subdomains (virtual host routing)

12:15 Guessing credential, logging in with guest:guest disover SQL Injection

16:45 Manually doing an error-based SQL Injection with extractquery()

31:50 A good screenshot showing the SQL Inject Queries used, then cracking

35:00 Doing the SQLInjection with SQLMap, needed the delay flag!

37:50 Examining the account-signup.pdf to create a user

39:50 Doing XSS (cross site scripting) to steal a cookie of the admin

43:15 Going to admin.redcross.htb and showing that any way you got the PHPSESSID coo

46:15 Poking at admin.redcross.htb, creating a user that lands us in an SSH Jail

48:38 Playing with the Firewall portion of the site, discover command injection in d

52:28 Reverse shell as www-data

54:40 Discover postgresql credentials in actions.php, this database lets you create

1:00:21 Inserting a user into the database, then logging in with SSH

1:02:40 Examining /etc to discover a different postgresql account-signup

1:04:50 Adding a root user with the new credentials, then sudo to root!

1:06:29 Discovering Haraka running

1:09:10 Using Metasploit to exploit haraka, get shell as penelope

1:12:26 Doing the PG thing again but this time specify sudo group, so we don't need to

1:15:50 Examining iptctl.c

1:19:56 Using Pattern_Create to discover where the RSP (RIP) Overwrite occours.

1:21:15 Start of python script

1:24:11 Dumping PLT Functions to use with our rop ch

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →