HackTheBox - SneakyMailer

Name: HackTheBox - SneakyMailer
Uploaded: 2020-11-28T15:00:10Z
Channel: IppSec
Description: 00:00 - Intro 00:45 - Start of nmap 03:10 - Poking a the websites 04:20 - Starting gobusters in the background while we look at the site 07:00 - Grabbin...

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

00:00 - Intro 00:45 - Start of nmap 03:10 - Poking a the websites 04:20 - Starting gobusters in the background while we look at the site 07:00 - Grabbing a list of emails off of the website 08:40 - Using SWAKS to mass email users with a link 14:45 - User went to our website, grabbed credentials 17:50 - Failing to do FTP User Enumeration, do this at the end of the video 19:00 - Failing with Thunderbird to login 22:30 - Switching to the Evolution Mail client to check mailboxes, finding FTP Details in Sent Mail 28:40 - Using wget to mirror the FTP Directory, then poking at PHP Files 30:50 - Showi…

Watch on YouTube ↗ (saves to browser)

Chapters (22)

Intro

0:45 Start of nmap

3:10 Poking a the websites

4:20 Starting gobusters in the background while we look at the site

7:00 Grabbing a list of emails off of the website

8:40 Using SWAKS to mass email users with a link

14:45 User went to our website, grabbed credentials

17:50 Failing to do FTP User Enumeration, do this at the end of the video

19:00 Failing with Thunderbird to login

22:30 Switching to the Evolution Mail client to check mailboxes, finding FTP Details

28:40 Using wget to mirror the FTP Directory, then poking at PHP Files

30:50 Showing pypi/Register.php, which *should* have been used during the phishing s

31:30 Checking if we can upload files to the FTP Directory and finding the dev VHOST

35:00 Shell Returned

37:00 Discovering a HTPASSWD file, then cracking it with hashcat

39:50 Checking out pypi.sneakycorp.htb:8080 and finding a pypi server

41:00 Creating a Malicious PyPi Package

43:30 Adding a reverse shell to our pypi package

44:45 Creating a pypi configuration file

47:00 Uploading the package and getting a shell as low

50:10 Checking sudoers, and finding low can run pip3 - Use GTFO Bin to get root

53:30 EXTRA: Enumerating the FTP Users by creating a quick webapp then using FFUF ag

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →