HackTheBox - Zetta

Name: HackTheBox - Zetta
Uploaded: 2020-02-22T14:58:35Z
Channel: IppSec
Description: 00:57 - Begin of NMAP, then examining FTP to see the banner leak time and IPv6 compatibility. 05:10 - Running GoBuster so we always have recon running i...

IppSec · Intermediate ·🔐 Cybersecurity ·6y ago

00:57 - Begin of NMAP, then examining FTP to see the banner leak time and IPv6 compatibility. 05:10 - Running GoBuster so we always have recon running in the background 05:38 - Examining the Web Page to see it has some usernames and FTP Creds 07:40 - Logging into FTP and testing basic things like downloading/uploading files 08:45 - Ran out of things to test. Run NMAP on all ports, then look into things we don't know. 09:20 - Explaining what FXP is and what an FTP Bounce Attack is 13:00 - Performing the FTP Bounce Attack to get the IPv6 Address, then doing a nmap on the ipv6 address 16:20 - Id…

Watch on YouTube ↗ (saves to browser)

Chapters (20)

0:57 Begin of NMAP, then examining FTP to see the banner leak time and IPv6 compati

5:10 Running GoBuster so we always have recon running in the background

5:38 Examining the Web Page to see it has some usernames and FTP Creds

7:40 Logging into FTP and testing basic things like downloading/uploading files

8:45 Ran out of things to test. Run NMAP on all ports, then look into things we don

9:20 Explaining what FXP is and what an FTP Bounce Attack is

13:00 Performing the FTP Bounce Attack to get the IPv6 Address, then doing a nmap on

16:20 Identifying what port 8730 is (RSYNC) using both NMAP and NETCAT

18:45 Downloading /etc via rsync, then explaining a bunch of configurations on the b

22:30 Identifying there is an RSYNCD.SECRETS via the RSYNCD.CONF file. Cannot downl

26:50 Extracting all 8/9 character words out of RockYou.txt then using bash to scrip

32:00 Got Roy's password (computer),then downloading his directory to get user.txt.

39:48 SSH into the box as roy with the key, then failing to run lynis before running

48:08 Using find to list files edited around the time User.txt was created (newermt)

52:05 Examining git repo in RSYSLOG to identify it sends syslog to POSTGRES and is S

57:10 Performing the SQL Injection with logger, but before that tailing the postgres

59:50 Running commands on Postgres 9.3 via PROGRAM command. Get into trouble with q

1:13:57 EXTRA CONTENT: Building a threaded RSYNC Bruteforcer

1:14:20 Script 1: Figuring out how RSYNC Authentication works, its a Challenge/Respons

1:22:44 Script 1: Downloading the RSYNC Source and searching how i

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →