HackTheBox - Stratosphere

Name: HackTheBox - Stratosphere
Uploaded: 2018-09-01T15:00:04Z
Channel: IppSec
Description: 01:11 - Begin of recon 03:48 - Manually checking the page out 04:30 - Discovering the webserver is java/tomcact 05:35 - Starting up GoBuster / Hydra 09:...

IppSec · Beginner ·🔐 Cybersecurity ·7y ago

01:11 - Begin of recon 03:48 - Manually checking the page out 04:30 - Discovering the webserver is java/tomcact 05:35 - Starting up GoBuster / Hydra 09:40 - The Directory /Monitoring was found - Discovering its Struts because of .action 11:00 - Stumbling upon an exploit trying to find out how to enumerate Struts Versions 14:10 - Searching Github for CVE-2017-5638 exploit script, exploiting the box to find out its firewalled off 21:10 - Using a HTTP Forward Shell to get around the strict firewall # Sokar Video Explaining it: https://www.youtube.com/watch?v=k6ri-LFWEj4 # Inception - Another box …

Watch on YouTube ↗ (saves to browser)

Chapters (14)

1:11 Begin of recon

3:48 Manually checking the page out

4:30 Discovering the webserver is java/tomcact

5:35 Starting up GoBuster / Hydra

9:40 The Directory /Monitoring was found - Discovering its Struts because of .actio

11:00 Stumbling upon an exploit trying to find out how to enumerate Struts Versions

14:10 Searching Github for CVE-2017-5638 exploit script, exploiting the box to find

21:10 Using a HTTP Forward Shell to get around the strict firewall

22:40 Go here if you want to start copying the Forward Shell Script

23:34 Explaining how it works

25:10 Explaining the code

31:06 Forward Shell Returned - Enumerating Database to find creds

37:29 Examining User.py

40:15 Privesc: Abusing Python's Path to load a malicious library and sudo user.py

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →