HackTheBox - Undetected

IppSec · Beginner ·🔐 Cybersecurity ·3y ago

Skills: Security Basics90%AI Security80%Defensive AI70%

00:00 - Intro 00:54 - Start of nmap 02:00 - Taking a look at the website 10:00 - Running gobuster against store.djewelry.htb and discovering a vendor directory that has phpunit 11:45- Exploiting phpunit to get a shell on the box 15:15 - Shell recieved on the box as www-data 17:20 - Looking for files owned by www-data on the box by using find to discover /var/backups/info 19:30 - Running strings against the /var/backups/info file and discovering a hex string that is a shell script. Using CyberChef to decode it and gain access to steven 25:00 - ssh in as steven, talking about the duplicate users as steven and steven1 have the said uid/gid 27:00 - Talking about timestamps, my favorite way to find tools left behind by hackers 28:15 - Using find -type f -printf "%T %p\n"to show the full time stamp for files 30:45 - Using find to find files that were created 00:00:00, which is an indication of time stomping. Discovering a backdoored copy of sshd 33:40 - Running the backdoored binary in Ghidra and discovering a backdoor in the login function 36:15 - Extracting the backdoor password and using CyberChef to decode it 41:50 - We skipped a step, finding and examining a backdoored apache module 43:50 - The easy way of doing strings and decoding the bsae64 to discover what the backdoor did 45:15 - Having trouble analyzing this with Ghidra 48:00 - Switching to Cutter which handles this binary better 51:40 - Going back to Ghidra and seeing what we missed

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Security Basics

View skill →

HackTheBox - Analytics

HackTheBox - Analytics

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

Amazon Web Services

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Configure and Deploy AWS Client VPN

Configure and Deploy AWS Client VPN

Related AI Lessons

‘Reboot Your PC’—Microsoft Changes ‘Most Windows Devices’ In June

Microsoft is expiring critical Secure Boot certificates for most Windows devices in June, requiring a reboot to maintain security

Forbes Innovation

My AI Security Runtime Burned Through Credits Faster Than the Vulnerabilities

Learn how AI security runtimes can burn through credits quickly and why traditional vulnerability scanners may not be effective

Medium · DevOps

When AI Helped Write a Real Zero-Day, It Wasn’t ChatGPT

AI was used to weaponize a real zero-day bug, highlighting the potential dangers of AI in cybersecurity

Medium · Cybersecurity

Linux kernel flaw opens root-only files to unprivileged users

A Linux kernel flaw allows unprivileged users to access root-only files, and a proposed solution called ModuleJail could minimize the impact of similar bugs

Chapters (18)

Intro

0:54 Start of nmap

2:00 Taking a look at the website

10:00 Running gobuster against store.djewelry.htb and discovering a vendor directory

15:15 Shell recieved on the box as www-data

17:20 Looking for files owned by www-data on the box by using find to discover /var/

19:30 Running strings against the /var/backups/info file and discovering a hex strin

25:00 ssh in as steven, talking about the duplicate users as steven and steven1 have

27:00 Talking about timestamps, my favorite way to find tools left behind by hackers

28:15 Using find -type f -printf "%T %p\n"to show the full time stamp for files

30:45 Using find to find files that were created 00:00:00, which is an indication of

33:40 Running the backdoored binary in Ghidra and discovering a backdoor in the logi

36:15 Extracting the backdoor password and using CyberChef to decode it

41:50 We skipped a step, finding and examining a backdoored apache module

43:50 The easy way of doing strings and decoding the bsae64 to discover what the bac

45:15 Having trouble analyzing this with Ghidra

48:00 Switching to Cutter which handles this binary better

51:40 Going back to Ghidra and seeing what we missed

Securing the Network