HackTheBox - Scavenger

Name: HackTheBox - Scavenger
Uploaded: 2020-02-29T15:00:13Z
Channel: IppSec
Description: 01:30 - Begin of Recon 05:50 - Discovering an SQL Injection inside of the WhoIs Service 07:20 - Identifying we can perform DNS Zone Transfers with dig a...

IppSec · Intermediate ·🔐 Cybersecurity ·6y ago

01:30 - Begin of Recon 05:50 - Discovering an SQL Injection inside of the WhoIs Service 07:20 - Identifying we can perform DNS Zone Transfers with dig axfr (aquatone is the application i mention to take screenshots) 12:10 - Explaining the SQL Union Injection 16:30 - Dumping information out of Information_Schema via the SQL Union Injection 23:05 - Dumping hostnames out of the whois database via the SQL Union Injection 28:45 - Discovering the pwned website, discovering shell.php with GoBuster 31:45 - Using wget to get the date the webserver was defaced 33:00 - Using wfuzz to find the parameter (…

Watch on YouTube ↗ (saves to browser)

Chapters (24)

1:30 Begin of Recon

5:50 Discovering an SQL Injection inside of the WhoIs Service

7:20 Identifying we can perform DNS Zone Transfers with dig axfr (aquatone is the a

12:10 Explaining the SQL Union Injection

16:30 Dumping information out of Information_Schema via the SQL Union Injection

23:05 Dumping hostnames out of the whois database via the SQL Union Injection

28:45 Discovering the pwned website, discovering shell.php with GoBuster

31:45 Using wget to get the date the webserver was defaced

33:00 Using wfuzz to find the parameter (hidden) the attackers shell used, then we h

39:15 Using find with newermt to identify what happened around the time the attacker

46:00 Discovering mail file that has some credentials for an FTP User

49:17 Using grep/awk to find the hacker in an apache access logs

51:44 Searching wireshark to pull the attackers post request to pull more credential

55:05 Analyzing root.c kernel module

56:00 Testing the kernel rootkit didn't work over HTTP, lets get a forward shell and

1:02:22 Testing passwords to gain access to ib01c01, which has the compiled kernel roo

1:05:20 Analyzing root.ko in Ghidra to discover some slight changes to the root.c sour

1:09:20 Sending g3tPr1v to /dev/ttyR0 to activate the rootkit and switch to root

1:10:02 Testing nc with a source port of 20 to verify our assumption only root can do

1:11:50 Creating a PHP Script to act as middleware between SQLMap and the WhoIs port

1:22:20 Manually installing Zeek (formerly known as Bro) to analyze the pcap.

1:25:50 Zeek has been installed, running it against the pcap with Cr to ignore checksu

1:26:42 Showing how to manually analyze zeek logs with less -S and zeek-cut

1:31:50 Instal

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →