HackTheBox - Calamity

Name: HackTheBox - Calamity
Uploaded: 2018-01-20T15:00:38Z
Channel: IppSec
Description: Blog Post: https://reboare.github.io/lxd/lxd-escape.html 01:28 - Begin of recon 02:20 - GoBuster 03:30 - admin.php discovered, finding the pw 04:50 - Ge...

IppSec · Beginner ·🛡️ AI Safety & Ethics ·8y ago

Blog Post: https://reboare.github.io/lxd/lxd-escape.html 01:28 - Begin of recon 02:20 - GoBuster 03:30 - admin.php discovered, finding the pw 04:50 - Getting Code Execution 07:45 - Finding out why Reverse Shells weren't working 09:45 - Getting a reverse shell by renaming nc 11:30 - Transfering files via nc 14:00 - Opening the wav file 16:25 - Using audiodiff to identify differences in sound 17:05 - The next step, why is the same song there twice? 19:25 - Importing files into Audacity and Inverting 22:25 - Attempting to exploit the process blacklist 24:25 - Unintended root LXC Background 28:30…

Watch on YouTube ↗ (saves to browser)

Chapters (20)

1:28 Begin of recon

2:20 GoBuster

3:30 admin.php discovered, finding the pw

4:50 Getting Code Execution

7:45 Finding out why Reverse Shells weren't working

9:45 Getting a reverse shell by renaming nc

11:30 Transfering files via nc

14:00 Opening the wav file

16:25 Using audiodiff to identify differences in sound

17:05 The next step, why is the same song there twice?

19:25 Importing files into Audacity and Inverting

22:25 Attempting to exploit the process blacklist

24:25 Unintended root LXC Background

28:30 Creating an Alpine LXC

30:40 Importing the image into lxc

32:00 Creating the container

32:40 Adding the host drive to container

34:20 Starting the container and entering it

35:05 Examining the Process Blacklist script

35:54 Running through the exploit again on a Ubuntu Host

Playlist

Uploads from IppSec · IppSec · 36 of 60

← Previous Next →