HackTheBox - Devvortex

11,796 views

IppSec

1 day ago

00:00 - Intro
01:00 - Start of nmap
03:45 - Discovering dev.devvortex.htb is a Joomla Page, showing JoomScan and enumerating version manually through manifests
07:00 - Looking for Joomla Exploits for version 4.2.6, discovering a way to view application config as an unauthenticated user
09:40 - Start of deep dive into the exploit, looking at commits on the day the advisory said this was patched
10:50 - Showing the fix just shows it is a mass assignment vulnerability, looking at how this works
17:10 - Showing fuzzing for arguments with ffuf would have caught this
26:18 - Logging into Joomla, then placing a shell in the Joomla Templates
32:15 - Logging into the database, cracking a hash to gain access to another user
35:30 - Taking a look at sudo discovering apport-cli, gtfobins comes up with nothing, looking at the version to discover an exploit within how it uses PAGER

Comments: 28
@haoming5630 2 months ago
If ippsec is confused, then everyone is confused.
@elcapitanodeltimbuktu1O1sir 1 month ago
😂
@Chran0 2 months ago
Awesome video as always! Looking forward to the next one :)
@ManuGram 2 months ago
I just love your content
@Jorge-so1nt 1 month ago
Thank you very much! Please do more!!! Subscribed already.
@Issa-xz7ds 2 months ago
Started watching ippsec since popcorn
@elcapitanodeltimbuktu1O1sir 2 months ago
I'm From 6 Years Ago, Don't Remember What Exactly I Watched 😅
@antoniob.6515 2 months ago
I loved this, as usual
@samaellovecraft 2 months ago
Thanks for the knowledge!
@AUBCodeII 2 months ago
Hey Lois, remember the time I became IppSec and recorded a video for HackTheBox? 0:00
@zauthentiqz-_1188 2 months ago
How long does it take you to do an easy box on average?
@user-yk7rc6fq2k 2 months ago
Hi there! I love your videos, and I recently started doing HackTheBox CTFs with the free plan. But unlike other platforms, I face some issues when connecting to the machines. I use my Kali Linux VM to connect to the machines with a VPN, but the latency is so large that I can't even properly do some basic recon. Is there anything I can do to resolve this? I'm having a hard time using the machine because of the latency. I tried different regions and both the UDP and TCP protocols for the VPN file, but there was no change. Am I missing something, or is there anything I can do to resolve this? Oh, BTW, I'm from India.
@traderH 2 months ago
Hi ippsec, how do you get a fully interactive PowerShell reverse shell?
@monKeman495 2 months ago
hail to the king
@whodaFru4551 2 months ago
I wonder if the fix can be bypassed by encoding the 'public' GET parameter
@elavarasandinesh2698 2 months ago
Please make a video for the Usage machine
@george___43 2 months ago
😊😊
@patrickFREE. 2 months ago
How does he split the terminal?
@user-sx5to6xl4g 2 months ago
He uses tmux. He's got an entire video dedicated to tmux where he explains how to split the terminal using it.
@mizanrahman6261 2 months ago
Please, hacking environment setup video with Parrot HTB
@0xazyz897 2 months ago
He already made a video about that
@tg7943 2 months ago
Push!
@highlights973 2 months ago
You inspire me so much to create my own channel
@mayukhghara6991 2 months ago
But where is the root flag?
@kristerpanett9683 1 month ago
PHP sees everything you put in ?public as a string. So "false" and "0" are not false and 0 😊
@sotecluxan4221 2 months ago