HackTheBox - WingData

IppSec · Beginner ·🔐 Cybersecurity ·21h ago

Skills: Network Security80%

00:00 - Introduction 01:00 - Start of nmap 03:20 - Searching for vulnerabilities in Wing FTP Server 06:20 - Testing the RCE and running a command 09:30 - Weaponizing the POC to get a reverse shell 12:10 - Shell returned, grabbing the password hashes, discovering it uses a hard-coded salt and then cracking it 22:40 - Got the wacky password and can run a python script with sudo, searching for CVE's found one in tarfile 31:40 - Got our Elevated File Write working, finding safe files to get a shell, crontab did not work. But overwriting the script or sudoers.d file did work

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

More on: Network Security

View skill →

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

Building a High-throughput VPN

Configuring Network Connectivity Center as a Transit Hub

VPC Flow Logs - Analyzing Network Traffic

HackTheBox - Intentions

HackTheBox - Intentions

Google Cloud Packet Mirroring with OpenSource IDS

Related AI Lessons

PDF Font Subset Divergence: Forensic Tampering Detection

Detect PDF tampering using font subset divergence, a forensic technique that analyzes font inconsistencies across pages

Dev.to · Iurii Rogulia

Why your Cloudflare Turnstile token works in the browser but 403s from requests

Learn why Cloudflare Turnstile tokens work in browsers but fail with Python requests and how to fix it

Dev.to · Bassem Shahin

Fuzzing Techniques for Vulnerability Discovery

Learn fuzzing techniques to discover vulnerabilities in your code before attackers do, improving your system's security and reliability

Dev.to · Aviral Srivastava

Stuxnet: The Worm That Changed Warfare

Learn about Stuxnet, a cyber-weapon that changed the face of warfare, and its impact on cybersecurity

Medium · Cybersecurity

Chapters (8)

Introduction

1:00 Start of nmap

3:20 Searching for vulnerabilities in Wing FTP Server

6:20 Testing the RCE and running a command

9:30 Weaponizing the POC to get a reverse shell

12:10 Shell returned, grabbing the password hashes, discovering it uses a hard-coded

22:40 Got the wacky password and can run a python script with sudo, searching for CV

31:40 Got our Elevated File Write working, finding safe files to get a shell, cronta

Legal Document Automation #lawfirm #cybersecurity #lawyer