HackTheBox - Schooled

Name: HackTheBox - Schooled
Uploaded: 2021-09-11T15:00:17Z
Channel: IppSec
Description: 00:00 - Intro FreeBSD Box 01:08 - Start of nmap explaining why versions are useful 04:54 - Discovering hostname on the box, then adding it to our host f...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro FreeBSD Box 01:08 - Start of nmap explaining why versions are useful 04:54 - Discovering hostname on the box, then adding it to our host file 07:20 - Using GoBuster to bruteforce virtual hosts and discovering moodle 08:20 - Searching Moodle on github to find a way to identify Moodle Version 11:27 - Reading the Moodle Security Announcements since the Moodle Version 16:50 - Enrolling in the Math Course the announcement hints at XSS 18:20 - Testing for XSS in our Moodle Net Profile 19:55 - Changing our HTML to load an external script and then stealing cookies via document.write 26:0…

Watch on YouTube ↗ (saves to browser)

Chapters (15)

Intro FreeBSD Box

1:08 Start of nmap explaining why versions are useful

4:54 Discovering hostname on the box, then adding it to our host file

7:20 Using GoBuster to bruteforce virtual hosts and discovering moodle

8:20 Searching Moodle on github to find a way to identify Moodle Version

11:27 Reading the Moodle Security Announcements since the Moodle Version

16:50 Enrolling in the Math Course the announcement hints at XSS

18:20 Testing for XSS in our Moodle Net Profile

19:55 Changing our HTML to load an external script and then stealing cookies via doc

26:00 Performing CVE-2020-14321 to escalate from Teacher to Manager in moodle

32:20 Enabling plugin installation, then uploading a malicious moodle plugin

43:40 Reverse shell returned

45:50 Pulling ht MySQL Password from Moodle's configuration and then cracking hashes

51:10 SSH as Jamie, and then using gtfobins and fpm to privesc without setting up a

58:40 Doing the privesc the intended way by setting up a pkg repository

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →