HackTheBox - Spectra

Name: HackTheBox - Spectra
Uploaded: 2021-06-26T15:00:30Z
Channel: IppSec
Description: 00:00 - Start 01:00 - Nmaping the box 03:00 - Checking out the web pages, discovering Wordpress 04:00 - Getting the username of wordpress by looking at ...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Start 01:00 - Nmaping the box 03:00 - Checking out the web pages, discovering Wordpress 04:00 - Getting the username of wordpress by looking at the blog post author 06:30 - Running WpScan with Plugins-detection 08:25 - Finding an open directory on the testing site, accessing a backup 09:15 - Attempting to login with MySQL but cannot due to the account only being allowed on localhost 12:30 - Logging into wordpress with administrator and the devteam01 password 13:25 - Getting a shell through WordPress by editing an unused theme 15:50 - Failing to get a reverse shell... 19:30 - Using a co…

Watch on YouTube ↗ (saves to browser)

Chapters (17)

Start

1:00 Nmaping the box

3:00 Checking out the web pages, discovering Wordpress

4:00 Getting the username of wordpress by looking at the blog post author

6:30 Running WpScan with Plugins-detection

8:25 Finding an open directory on the testing site, accessing a backup

9:15 Attempting to login with MySQL but cannot due to the account only being allowe

12:30 Logging into wordpress with administrator and the devteam01 password

13:25 Getting a shell through WordPress by editing an unused theme

15:50 Failing to get a reverse shell...

19:30 Using a common PHP Reverse Shell

20:45 Discovering we are on a ChromeBook

24:50 Discovering a password in autologin

26:30 Using the password with local users on the box

27:10 Logging in with Katie then seeing she can run sudo initctl

31:20 Failing to play with init files, switching to a simpler method of testing code

32:15 Putting a python reverse shell inside of init and getting root

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →