HackTheBox - Sunday

Name: HackTheBox - Sunday
Uploaded: 2018-09-29T15:01:02Z
Channel: IppSec
Description: 00:48 - Begin of NMAP Discovery of Finger 03:36 - Enumerating Finger with Finger-User-Enum 05:00 - Nmap'ing all port quickly by lowering max-retries 08:...

IppSec · Beginner ·🔐 Cybersecurity ·7y ago

00:48 - Begin of NMAP Discovery of Finger 03:36 - Enumerating Finger with Finger-User-Enum 05:00 - Nmap'ing all port quickly by lowering max-retries 08:40 - Adding an old Key Exchange Alogorithm to SSH 09:30 - Showing Hydra doesn't work, then using Patator (Patator also can do Finger Enum! Try it out) 11:19 - Using find to count lines in all wordlist files 14:07 - Logged in with sunny:sunday 14:45 - Grabbing /backup/shadow.backup and cracking sha256crypt with Hashcat 16:46 - Just noticed this box is oooooold, try to privesc with sudo and ShellShock (Fail) 18:53 - Privesc by overwriting the /r…

Watch on YouTube ↗ (saves to browser)

Chapters (17)

0:48 Begin of NMAP Discovery of Finger

3:36 Enumerating Finger with Finger-User-Enum

5:00 Nmap'ing all port quickly by lowering max-retries

8:40 Adding an old Key Exchange Alogorithm to SSH

9:30 Showing Hydra doesn't work, then using Patator

11:19 Using find to count lines in all wordlist files

14:07 Logged in with sunny:sunday

14:45 Grabbing /backup/shadow.backup and cracking sha256crypt with Hashcat

16:46 Just noticed this box is oooooold, try to privesc with sudo and ShellShock (Fa

18:53 Privesc by overwriting the /root/troll binary

23:30 Using wget to exfil files quickly

24:50 Viewing what wget --post-file looks like

25:50 Creating a PHP Script to accept uploaded files

27:30 Hardening our upload location to prevent executing PHP Files and/or reading wh

29:10 Starting a php webserver with php -S (ip):(port) -t .

31:10 Replacing the root password by changing the shadow file

33:30 Demoing a way to create directories and upload files!

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →