HackTheBox - Zetta

00:57 - Begin of NMAP, then examining FTP to see the banner leak time and IPv6 compatibility. 05:10 - Running GoBuster so we always have recon running in the background 05:38 - Examining the Web Page to see it has some usernames and FTP Creds 07:40 - Logging into FTP and testing basic things like downloading/uploading files 08:45 - Ran out of things to test. Run NMAP on all ports, then look into things we don't know. 09:20 - Explaining what FXP is and what an FTP Bounce Attack is 13:00 - Performing the FTP Bounce Attack to get the IPv6 Address, then doing a nmap on the ipv6 address 16:20 - Identifying what port 8730 is (RSYNC) using both NMAP and NETCAT 18:45 - Downloading /etc via rsync, then explaining a bunch of configurations on the box 22:30 - Identifying there is an RSYNCD.SECRETS via the RSYNCD.CONF file. Cannot download but can identify filesize which will tell us the number of characters the password is. 26:50 - Extracting all 8/9 character words out of RockYou.txt then using bash to script a rsync bruteforce (end of video we code a better brute force) 32:00 - Got Roy's password (computer),then downloading his directory to get user.txt. After that upload an SSH Key 39:48 - SSH into the box as roy with the key, then failing to run lynis before running LinPEAS 48:08 - Using find to list files edited around the time User.txt was created (newermt) to identify git repo's under RSYSLOG and FTP 52:05 - Examining git repo in RSYSLOG to identify it sends syslog to POSTGRES and is SQL Injectable 57:10 - Performing the SQL Injection with logger, but before that tailing the postgres log for some output 59:50 - Running commands on Postgres 9.3 via PROGRAM command. Get into trouble with quotes, find postgres has a third quote option which is $$ 01:13:57 - EXTRA CONTENT: Building a threaded RSYNC Bruteforcer 01:14:20 - Script 1: Figuring out how RSYNC Authentication works, its a Challenge/Response. 01:22:44 - Script 1: Downloading the RSYNC Source and searching how i