HackTheBox - SecNotes

Name: HackTheBox - SecNotes
Uploaded: 2019-01-19T15:00:02Z
Channel: IppSec
Description: 01:05 - Begin of recon 02:45 - Checking out the website 03:50 - Using wfuzz to enumerate usernames 05:45 - Logging in with an account we created 07:23 -...

IppSec · Intermediate ·🔐 Cybersecurity ·7y ago

01:05 - Begin of recon 02:45 - Checking out the website 03:50 - Using wfuzz to enumerate usernames 05:45 - Logging in with an account we created 07:23 - Checking out Change Password and noticing it does this poorly 09:25 - Using the contact form, to see if tyler will follow links 14:14 - Changing Tyler's password by sending him to the ChangePassword Page 15:00 - Logged in and find SMB Share with credentials. 16:15 - Found a webshare but not sure the directory it executes from. Begin hunting for a different webserver. 17:48 - Port 8808 found via nmap'ing all ports. Creating a php script to gai…

Watch on YouTube ↗ (saves to browser)

Chapters (15)

1:05 Begin of recon

2:45 Checking out the website

3:50 Using wfuzz to enumerate usernames

5:45 Logging in with an account we created

7:23 Checking out Change Password and noticing it does this poorly

9:25 Using the contact form, to see if tyler will follow links

14:14 Changing Tyler's password by sending him to the ChangePassword Page

15:00 Logged in and find SMB Share with credentials.

16:15 Found a webshare but not sure the directory it executes from. Begin hunting fo

17:48 Port 8808 found via nmap'ing all ports. Creating a php script to gain code ex

19:15 Downloading netcat for windows to use as a Reverse Shell

21:14 Playing with Bash on Windows

22:35 Finding the administrator password in ~/.bash_history

23:45 Alternate way to find the .bash_history file

25:36 Unintended way to bypass the CSRF. SQL Injection + bad Static Code analysis

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →