HackTheBox - Writeup

IppSec · Beginner ·🔐 Cybersecurity ·6y ago

Skills: AI Security90%Defensive AI80%Security Basics70%

01:04 - Start of recon identifying a debian box based upon banners 02:30 - Taking a look at the website, has warnings about DOS type attacks. 03:17 - Discovering the /writeup/ directory in robots.txt 04:18 - Checking the HTML Source to see if there's any information about what generated this page. Discover CMS Made Simple 05:15 - CMS Made Simple is an opensource product. Search through the source code to discover a way to identify version information. 07:30 - Using SearchSploit to find an exploit 09:05 - Running the exploit script with a bad URL and triggering the servers anti-DOS protection 10:10 - Running the exploit script with correct URL and analyze the HTTP Requests it makes via Wireshark to see how the SQL Injection works 16:20 - Explaining how password salts work 19:00 - Using Hashcat to crack a salted md5sum 21:15 - Demonstrating the --username flag in hashcat, this allows you to associate cracked passwords to users 24:14 - Begin of low-priv shell, running LinEnum to discover we are a member of staff 27:58 - Using google to see what the Staff group can do (edit /usr/local/bin) 28:40 - Explaining path injection 29:40 - Using PSPY to display all the processes that start on linux, useful for finding crons or short-running processes 31:58 - Running PSPY to see run-parts is called without an absolute path upon user login 33:13 - Performing the relative path injection by creating the file /usr/local/bin/run-parts which will drop our SSH Key

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

Learn the basics of cybersecurity to start a career in the field

Reddit r/cybersecurity

The Illusion of Asset Inventory: Why Attackers Know More About Your Infrastructure Than You Do

Attackers often have a better understanding of your infrastructure than your security team, emphasizing the importance of accurate asset inventory

Medium · Cybersecurity

Structural exclusion is the only defense that scales

Learn how structural exclusion can be an effective defense mechanism that scales, and why it matters for building robust systems

If the Shai-Hulud worm reached your GitHub repos, please read this

Learn how to identify and clean up the Shai-Hulud worm from your GitHub repos and recover access if locked out

Dev.to · Ionut-Cristian Florescu

Chapters (17)

1:04 Start of recon identifying a debian box based upon banners

2:30 Taking a look at the website, has warnings about DOS type attacks.

3:17 Discovering the /writeup/ directory in robots.txt

4:18 Checking the HTML Source to see if there's any information about what generate

5:15 CMS Made Simple is an opensource product. Search through the source code to di

7:30 Using SearchSploit to find an exploit

9:05 Running the exploit script with a bad URL and triggering the servers anti-DOS

10:10 Running the exploit script with correct URL and analyze the HTTP Requests it m

16:20 Explaining how password salts work

19:00 Using Hashcat to crack a salted md5sum

21:15 Demonstrating the --username flag in hashcat, this allows you to associate cra

24:14 Begin of low-priv shell, running LinEnum to discover we are a member of staff

27:58 Using google to see what the Staff group can do (edit /usr/local/bin)

28:40 Explaining path injection

29:40 Using PSPY to display all the processes that start on linux, useful for findin

31:58 Running PSPY to see run-parts is called without an absolute path upon user log

33:13 Performing the relative path injection by creating the file /usr/local/bin/run

How to Block Spammers from Specific Countries in WordPress

WordPress Tutorials - WPLearningLab