HackTheBox - Wall

IppSec · Beginner ·🔧 Backend Engineering ·6y ago

Skills: Tool Use & Function Calling80%

Key Takeaways

Recon and exploitation of Wall HackTheBox machine using various tools and techniques

Original Description

00:55 - Start of recon 02:30 - Running GoBuster to discover the /monitoring directory 03:50 - Running hydra to try to brute force the HTTP Authentication (Does not work due to it being a secure password) 05:20 - Bypassing the AUTH Request by changing to a POST — Explain why this works later 06:30 - Looking at the Centreon Changelog to look for any exploits 08:10 - There aren’t any unauthenticated exploited, lets brute force a login. The main way uses a CSRF Token. 08:50 - Bypassing the CSRF by using the Centreon API 12:00 - Using wfuzz to brute force the API Login and get admin:Password1 14:15 - Changing the Monitoring Engine Binary under Configure Pollers to get code execution 16:15 - Trying to ping ourselves, find out we can’t use space 17:10 - Using IFS to instead of space 20:11 - Ping worked, trying to do a Reverse Shell 23:50 - The reverse shell didn’t work lets do some debugging 25:55 - Adding a semicolon at the end of the script and getting a reverse shell 26:20 - Reverse shell returned, lets build a proper TTY with ROWS and COLUMNS so we can do things like vi 30:20 - Searching for files between two dates 33:00 - Discovering backup which is a PYC File, using uncompyle to decompile it 34:55 - Getting Shelby’s password out of the backup script 35:45 - Using LinPEAS instead of LinEnum to look for privescs 43:10 - Exploiting Screen-4.5.0 to get root ## Extra 46:30 - Static Code Analysis tip, looking for dangerous functions

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Tool Use & Function Calling

View skill →

Adding a Phone Gateway to a Virtual Agent

Administering an AlloyDB Database

Cloud Storage: Qwik Start - CLI/SDK

Cloud Composer: Copying BigQuery Tables Across Different Locations

Getting started with Firebase Cloud Firestore

Getting Started with Liquid to Customize the Looker User Experience

Related AI Lessons

Applying Scalability in Backend (CodeBuddy)

Learn to apply scalability in backend development for efficient system performance

Why Every Backend Developer Should Learn Nginx Before Going to Production

Learn Nginx to improve backend development skills and ensure smooth production deployment

Medium · DevOps

Connecting Frontend to Backend: A Backend Engineer’s Reality Check

Learn how to connect frontend to backend using Next.js by building a login and signup form for a dashboard

Medium · Programming

Build Secure Authentication System Using Access and Refresh Tokens

Learn to build a secure authentication system using access and refresh tokens for modern APIs

Medium · Python

Chapters (21)

0:55 Start of recon

2:30 Running GoBuster to discover the /monitoring directory

3:50 Running hydra to try to brute force the HTTP Authentication (Does not work due

5:20 Bypassing the AUTH Request by changing to a POST — Explain why this works late

6:30 Looking at the Centreon Changelog to look for any exploits

8:10 There aren’t any unauthenticated exploited, lets brute force a login. The mai

8:50 Bypassing the CSRF by using the Centreon API

12:00 Using wfuzz to brute force the API Login and get admin:Password1

14:15 Changing the Monitoring Engine Binary under Configure Pollers to get code exec

16:15 Trying to ping ourselves, find out we can’t use space

17:10 Using IFS to instead of space

20:11 Ping worked, trying to do a Reverse Shell

23:50 The reverse shell didn’t work lets do some debugging

25:55 Adding a semicolon at the end of the script and getting a reverse shell

26:20 Reverse shell returned, lets build a proper TTY with ROWS and COLUMNS so we ca

30:20 Searching for files between two dates

33:00 Discovering backup which is a PYC File, using uncompyle to decompile it

34:55 Getting Shelby’s password out of the backup script

35:45 Using LinPEAS instead of LinEnum to look for privescs

43:10 Exploiting Screen-4.5.0 to get root

46:30 Static Code Analysis tip, looking for dangerous functions

This Cop Was Held Accountable For His Brutality! #police #lawyer