Рет қаралды 23,950
00:00 - Intro
01:02 - Running nmap against all ports
04:55 - Attempting to enumerate the initial web page (Voting System)
08:00 - Nmap finished, checking staging.love.htb from the SSL Certificate
10:05 - Finding an SSRF Vulnerability in the file scanner
12:30 - Having trouble using WFUZZ to fuzz all ports
17:45 - Switching to FFUF and still having trouble to fuzz all ports
24:30 - Fuzzing takes too long, trying ports from nmap to see if any page is restricted by IP and findig creds
29:45 - Attempting to use an exploit script for Voting System (More at end of video)
39:40 - Enough with the exploit script, manually exploiting the application with an image upload
43:43 - Using Nishang to get a reverse shell, then running WinPEAS
52:30 - Seeing AlwaysInstallElevated is set on the system, using msfvenom to build an msi
54:45 - Box Done - Going back to the exploit script and getting it working