HackTheBox - Shibboleth

Name: HackTheBox - Shibboleth
Uploaded: 2022-04-02T15:38:00Z
Channel: IppSec
Description: 00:00 - Intro 00:57 - Running NMAP 04:10 - The footer talks about BMC, explaining why I jumped to IPMI when reading this 05:30 - Running a Virtual Host ...

IppSec · Beginner ·🔐 Cybersecurity ·3y ago

00:00 - Intro 00:57 - Running NMAP 04:10 - The footer talks about BMC, explaining why I jumped to IPMI when reading this 05:30 - Running a Virtual Host (VHOST) Scan with Wfuzz to try and find a domain that points to an ILO 08:20 - Talking about IPMI 10:15 - Running Metasploit to dump the IPMI Hash and then crack it with hashcat 15:10 - Running IPMITool to explore the interface, there isn't anything really here 19:30 - Logging into Zabbix with the credentials and then fumbling around creating a malicious check 27:50 - Discovering what we were doing wrong, we didn't want to put quotes in the sys…

Watch on YouTube ↗ (saves to browser)

Chapters (15)

Intro

0:57 Running NMAP

4:10 The footer talks about BMC, explaining why I jumped to IPMI when reading this

5:30 Running a Virtual Host (VHOST) Scan with Wfuzz to try and find a domain that p

8:20 Talking about IPMI

10:15 Running Metasploit to dump the IPMI Hash and then crack it with hashcat

15:10 Running IPMITool to explore the interface, there isn't anything really here

19:30 Logging into Zabbix with the credentials and then fumbling around creating a m

27:50 Discovering what we were doing wrong, we didn't want to put quotes in the syst

29:25 Zabbix kills our shell pretty quickly, just running a second command really fa

32:00 Attempting to get into the Zabbix database, need to switch to the ipmi-svc use

34:57 Showing a cool MySQL command \G to display results in a table form, useful whe

36:05 Running LinPEAS

39:30 No real exploit paths found, checking for exploits in the MYSQL Server and fin

41:10 Performing the MySQL WSREP Exploit and getting root

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →