HackTheBox - ScriptKiddie

IppSec · Intermediate ·🔐 Cybersecurity ·5y ago

Skills: AI Security90%Defensive AI80%Security Basics80%

00:00 - Intro 00:45 - Running nmap 01:20 - Using Firefox Developer Tools to inspect the page and see its a Python webserver 04:50 - Fuzzing parameters with ffuf to see if anything sticks out 05:40 - Ffuf isnt giving expected output, lets send the request to BurpSuite to find out we are missing a HTTP Header 08:20 - Adding the Content-Type header to ffuf and finally fuzzing special characters 16:00 - There is a MSFVenom CVE and it looks like the webpage uses MSFVenom 17:20 - Editing the MSFVenom exploit to place a reverse shell but the exploit keeps failing 21:30 - Using curl to test the RCE 22:20 - Validated we have RCE, building out a web cradle with our curl to execute code 24:20 - Reverse shell returned as kid user 24:45 - Looking at the web application and discovering a logs directory 25:40 - Using stty to fix up our reverse shell so vim/nano works 28:00 - Running GoSPY to examine processes on the box 28:50 - Ha. GoSpy found the MSFVenom RCE 31:20 - Examining the scanlosers.sh script to find a RCE 35:15 - Having trouble exploiting scanlosers, taking a deeper look at the script 37:00 - Reverse shell as pwn returned 37:50 - pwn can run metasploit with sudo, executing commands by just specifying a binary in MSF 38:50 - Showing the IRB console within metasploit which would give us another way to execute commands 39:45 - Taking a look at the MSFVenom exploit

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

Structural exclusion is the only defense that scales

Learn why structural exclusion is the key to scalable defense in software development

Structural exclusion is the only defense that scales

Learn how structural exclusion can be an effective defense mechanism that scales with system growth

Samba on Port 445: How Public SMB Exposure Becomes a Critical Attack Surface

Exposure of Samba on port 445 can lead to critical attacks, learn how to identify and mitigate this vulnerability

Medium · Cybersecurity

Python in CTF’s Writeup | Cylabs

Learn to use Python in Capture The Flag (CTF) challenges to improve cybersecurity skills

Medium · Cybersecurity

Chapters (21)

Intro

0:45 Running nmap

1:20 Using Firefox Developer Tools to inspect the page and see its a Python webserv

4:50 Fuzzing parameters with ffuf to see if anything sticks out

5:40 Ffuf isnt giving expected output, lets send the request to BurpSuite to find o

8:20 Adding the Content-Type header to ffuf and finally fuzzing special characters

16:00 There is a MSFVenom CVE and it looks like the webpage uses MSFVenom

17:20 Editing the MSFVenom exploit to place a reverse shell but the exploit keeps fa

21:30 Using curl to test the RCE

22:20 Validated we have RCE, building out a web cradle with our curl to execute code

24:20 Reverse shell returned as kid user

24:45 Looking at the web application and discovering a logs directory

25:40 Using stty to fix up our reverse shell so vim/nano works

28:00 Running GoSPY to examine processes on the box

28:50 Ha. GoSpy found the MSFVenom RCE

31:20 Examining the scanlosers.sh script to find a RCE

35:15 Having trouble exploiting scanlosers, taking a deeper look at the script

37:00 Reverse shell as pwn returned

37:50 pwn can run metasploit with sudo, executing commands by just specifying a bina

38:50 Showing the IRB console within metasploit which would give us another way to e

39:45 Taking a look at the MSFVenom exploit

Ubuntu LTS Randomly Broke 12 Year Old GPUs

Brodie Robertson