HackTheBox - Resource

IppSec · Beginner ·📰 AI News & Updates ·1y ago

Skills: Tool Use & Function Calling90%Prompt Craft60%Advanced Prompting50%

00:00 - Introduction 01:00 - Start of nmap 06:55 - Discovering LFI in the page parameter but we cannot immediately exploit it 10:00 - Discovering admin and playing with ping, deciding its not vulnerable and moving on 15:06 - Uploading a zip file to the ticket, then using the phar wrapper with our LFI to include it 19:50 - Shell returned on the box, python doesn't exist using script to fix our tty 23:00 - Editing our session file on the box, so we can change users without having to change the database 27:50 - Obtaining the HAR File from a ticket, showing Google's web app that visualizes the file 31:50 - Examining the HAR File from command line, which I think is easier 36:30 - Discovering old SSH CA Files in msainristil's directory, checking the SSH Config to see it has TrustedUserCaKeys which lets this CA Sign Public Keys 38:50 - Using SSH-Keygen to sign a public key with a CA specifying root as the principal then logging in 43:00 - Discovering a bash script which uses a web API to sign certificates with another CA, creating a ticket that lets us on as support 45:55 - The host server has AuthorizedPrincipalsFile configured, explaining how this works with TrustedUserCAKeys and ssh 50:00 - Logging in as ZZINTER and discovering they can run a bash script as sudo, which has a File Disclosure vulnerability due to lack of quotes around a comparison 51:40 - Explaining how this works, by doing a couple characters manually 57:50 - Creating a program in golang to dump the CA File 1:09:15 - Running the program, grabbing the CA then creating a root key

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Tool Use & Function Calling

View skill →

Adding a Phone Gateway to a Virtual Agent

Administering an AlloyDB Database

Cloud Storage: Qwik Start - CLI/SDK

Cloud Composer: Copying BigQuery Tables Across Different Locations

Getting started with Firebase Cloud Firestore

Getting Started with Liquid to Customize the Looker User Experience

Related AI Lessons

Top 10 Future Jobs in High Demand by 2030 (Complete Guide)

Discover the top 10 future jobs in high demand by 2030 and learn how to prepare for them

Medium · Programming

Google Search Revenue Up 19%. Publisher Traffic Down 38%. Same AI. Same Quarter.

Google's AI-driven search revenue increases by 19% while publisher traffic decreases by 38% in the same quarter, highlighting the impact of AI on online content

HUMAN OS — Why the Future Belongs to Humans Who Learn Faster Than AI

The future belongs to humans who learn faster than AI, requiring a redesign of human adaptation in universities, corporations, and institutions

TLDR: The RAM Shortage

Learn about the RAM shortage impacting tech releases, including Valve's delayed products

Chapters (17)

Introduction

1:00 Start of nmap

6:55 Discovering LFI in the page parameter but we cannot immediately exploit it

10:00 Discovering admin and playing with ping, deciding its not vulnerable and movin

15:06 Uploading a zip file to the ticket, then using the phar wrapper with our LFI t

19:50 Shell returned on the box, python doesn't exist using script to fix our tty

23:00 Editing our session file on the box, so we can change users without having to

27:50 Obtaining the HAR File from a ticket, showing Google's web app that visualizes

31:50 Examining the HAR File from command line, which I think is easier

36:30 Discovering old SSH CA Files in msainristil's directory, checking the SSH Conf

38:50 Using SSH-Keygen to sign a public key with a CA specifying root as the princip

43:00 Discovering a bash script which uses a web API to sign certificates with anoth

45:55 The host server has AuthorizedPrincipalsFile configured, explaining how this w

50:00 Logging in as ZZINTER and discovering they can run a bash script as sudo, whic

51:40 Explaining how this works, by doing a couple characters manually

57:50 Creating a program in golang to dump the CA File

1:09:15 Running the program, grabbing the CA then creating a root key

How to Crack High Paying Tech Jobs in 2026 | ft. Avreen Chawla