00:00 - Introduction
00:45 - Starting nmap and poking at the website
03:00 - Checking when an image was uploaded to the server with wget and exiftool
04:10 - Contact.php discloses that Gym Management Software is being used. Examining the exploit
06:10 - Editing the Python exploit to force everything through a proxy, so we can examine what the exploit does
08:30 - Running the exploit and examining in Burp
14:20 - Having trouble getting a reverse shell via PS, uploading NC.EXE to do it
17:10 - Running WinPEAS.exe
21:00 - Discovering CloudMe in the Downloads directory then looking at the exploit
23:20 - CloudMe isn't listening on a port... Reverting and getting a shell again
25:30 - Reverse shell returned... Still waiting for CloudMe to listen on a port
27:27 - Uploading Chisel to the box, then doing a port forward for MySQL to enumerate the database
31:00 - Finding MySQL Credentials in db.php, then checking the database from our box thanks to Chisel
34:30 - Replacing the payload in the CloudMe exploit with a reverse shell
37:20 - Running the exploit and getting root