HackTheBox - Traverxec

Name: HackTheBox - Traverxec
Uploaded: 2020-04-11T15:00:00Z
Channel: IppSec
Description: 01:00 - Running nmap against the box, port 80 is running a unique webserver (nostromo) 03:00 - Lets check out the website before we throw any exploits 0...

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

01:00 - Running nmap against the box, port 80 is running a unique webserver (nostromo) 03:00 - Lets check out the website before we throw any exploits 06:37 - Launching metasploit then exploting Nostromo but sending the exploit through burpsuite to see what it is doing 10:34 - Code Execution worked, for some reason the proxies command didn't work the first time 11:18 - Explaining why the script does a GET request before throughing an exploit (Exploit Verification) 13:40 - Editing the payload to send a Bash Reverse Shell 15:40 - Running LinPEAS 17:20 - Running LinEnum in Thorough mode 19:22 - G…

Watch on YouTube ↗ (saves to browser)

Chapters (22)

1:00 Running nmap against the box, port 80 is running a unique webserver (nostromo)

3:00 Lets check out the website before we throw any exploits

6:37 Launching metasploit then exploting Nostromo but sending the exploit through b

10:34 Code Execution worked, for some reason the proxies command didn't work the fir

11:18 Explaining why the script does a GET request before throughing an exploit (Exp

13:40 Editing the payload to send a Bash Reverse Shell

15:40 Running LinPEAS

17:20 Running LinEnum in Thorough mode

19:22 Going over LinPEAS Output

22:16 Going over LinEnum Output

23:00 Discovering a HTPASSWD Password, then using hashcat to crack it

26:45 Looking at the HTTP Configuration file to discover public_www directory in hom

27:30 Explaining Linux Permissions on Directories and why we can do a ls in /home/da

29:50 Discovering an encrypting SSH Key for David in public_www, downloading the fil

34:50 SSH into the box as David

35:20 Discovering David can sudo journalctl,

37:10 Demonstrating that the pipe operator doesn't run as an elevated user when doin

38:00 Privesc by removing the pipe and then running !bash. Explaining why this work

40:50 Comparing the Directory traversal exploits (MSF and non-MSF) to see a weird bu

49:30 Downloading the source code to nostromo (patched and unpatched versions) and a

50:27 Using find and grep to md5sum all the files to figure out what has changed.

53:26 Using diff to compare two files

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →