HackTheBox - Titanic

Name: HackTheBox - Titanic
Uploaded: 2025-06-21T15:00:58Z
Channel: IppSec
Description: 00:00 - Introduction 00:40 - Start of nmap 04:00 - Intercepting the booking download and finding the File Disclosure Vulnerability 07:10 - Finding the d...

IppSec · Beginner ·🛡️ AI Safety & Ethics ·9mo ago

00:00 - Introduction 00:40 - Start of nmap 04:00 - Intercepting the booking download and finding the File Disclosure Vulnerability 07:10 - Finding the dev.titanic.htb host and discovering Gitea 09:25 - Running Gitea locally via docker to see how where it stores the configuration and database 10:50 - Downloading the Gitea Database and cracking it 15:00 - Using gitea to spray passwords via ssh and logging into the box as developer 17:00 - Discovering a script in /opt/scripts/ and discovering a script that writes to a log which is populated every minute 18:15 - Searching for vulnerabilities in Im…

Watch on YouTube ↗ (saves to browser)

Chapters (10)

Introduction

0:40 Start of nmap

4:00 Intercepting the booking download and finding the File Disclosure Vulnerabilit

7:10 Finding the dev.titanic.htb host and discovering Gitea

9:25 Running Gitea locally via docker to see how where it stores the configuration

10:50 Downloading the Gitea Database and cracking it

15:00 Using gitea to spray passwords via ssh and logging into the box as developer

17:00 Discovering a script in /opt/scripts/ and discovering a script that writes to

18:15 Searching for vulnerabilities in Image Magick

21:40 Getting code execution by exploiting CVE-2024-51817 in ImageMagick

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →