HackTheBox - Remote

  39,671 views

IppSec

A day ago

00:00 - Intro
01:00 - Beginning of nmap, enumerate FTP and SMB
05:32 - Taking a look at the website to discover umbraco
10:50 - Examining NFS with showmount
16:00 - Discovering umbraco.sdf on NFS is a database and contains the admin password
21:15 - Logging into umbraco and discovering the unauthenticated RCE
23:35 - Editing the umbraco exploit to ping our box
26:30 - Getting a reverse shell using Invoke-WebRequest instead of (New-Object Net.WebClient)
30:30 - Running WinPEAS to discover UsoSvc service is editable
37:00 - Editing the UsoSvc binpath to execute our reverse shell
40:15 - Alternate Path: Using Rogue Potato to get a shell

Comments: 58
@rev0luci0n 3 years ago
The "oh god" when not filtering on ICMP for tcpdump was hilarious, sums up a lot of my work day in enterprise IT lol
@onlyastron4ut 3 years ago
Great video as always, you always give me many new insights since my way of rooting this box was completely different!
@ianmusyoka9717 3 years ago
Happy Teachers' Day, IppSec! Another great video from you. I always appreciate the efforts, keep up the awesome work.
@blackthorne-rose 8 months ago
also more and more now I'm seeing 2 things I did not think I would see - 1. that learning tmux delivers a shell architecture that is très élégant, and 2. that learning vim also delivers a bunch of very quick ways to handle text that are oriented to the kind of data formatting we generally require... as much as I love nano and resisted vim... I'm starting to get it... like :%s/\s//g to "remove spaces" etc. etc.
@MichaelJohnson-br7zz 1 year ago
iwr command is very useful. Thank you.
@kosmonautofficial296 3 years ago
Great video!
@fortRedBorder--.-- 3 years ago
Thanks, IppSec! Oddly enough, I couldn't get the revised binpath to download and execute. It just never did anything for me. I ended up just putting my PS reverse shell script in the Downloads directory and configuring that as the revised binpath. That simplified the binpath command and worked just fine.
@score38 3 years ago
Do you use Parrot OS now? If so, what made you switch?
@TalsonHacks 2 years ago
He is using HTB's pwnbox which is basically a web-based Parrot OS. (just to showcase it).
@thatquietkid8610 2 years ago
The way he said Oh my god at 17:58 cracked me up 😂😂😂
@MASAbirokou 2 years ago
Are there 2 intended ways? UsoSvc and local port service (not rogue potato)
@d4rckh122 3 years ago
Nice
@pentester-ethicalhacker 3 years ago
Awesome, thanks
@J3zu5 3 years ago
What theme is this?
@user-ui8my9zs7o 1 year ago
If there was an IP for the nfs what would you have to do to get past that?
@bech2342 3 years ago
I would like to see a live stream hax 🙃🙈
@cybershieldteam 3 years ago
nice
@marcozufferli6080 3 years ago
It is a Windows Server 2019, this OS should be safe against Juicy Potato / RottenPotato, so why does Rotten Potato work on this machine?
@slsoftshow 3 years ago
🤗🤗
@aaryanbhagat4852 2 years ago
Why always a separate folder www is made when the code needs to be copied to the attack server to execute?
@ippsec 2 years ago
It doesn’t have to be. I just do it so I know what files I’m exposing via http.
@aaryanbhagat4852 2 years ago
@ippsec Oh I see, a very good practice indeed.
@skyone9237 3 years ago
Bloody hell, ssmith and hash was a rabbit hole.. now only I came to know 😂😂
@user-fp6dt1os1l 3 years ago
40:24 "that box is currently offline" Why? Are you replacing the 4x GTX 1080Ti's with 4x RTX 3090s? lol
@ippsec 3 years ago
It's being used for work, I disconnect it from the network when I'm cracking sensitive things.
@ankitkumar6130 3 years ago
Wait he already has the RTX 3090s??
@theplasmaistplasma6613 3 years ago
Ankit Kumar No that was just a joke
@5elll960 3 years ago
Say hello to hairy bagel group :) Punisher - hi, i know you see it ))))
@langstonmenezes 3 years ago
The aspx exploit is no longer available
@magnfiyerlmoro3301 3 years ago
Didn't explain why Rogue Potato would work on the machine
@bryanramadhan5460 3 years ago
I'm really surprised .. I can't even reach the shell with just this exploit script .. (I've tried everything) I finally used burp for this and finally.. it worked
@bech2342 3 years ago
Looks like @John Hammond also knows your channel 🙊
@Pipwallet 3 years ago
my guy...
@Pipwallet 3 years ago
@johncollins9466 yoooh... you have turned IppSec's channel into a chatting room.. LOL
@redpanda31337 3 years ago
CYBER MONSOON I remember him being named IppsecJr, so he is probably just a big fan
@fatalpath 7 months ago
For the life of me I cannot get a ping from this - anyone have any troubleshooting tips?
@user-fp6dt1os1l 3 years ago
first
@egg5474 3 years ago
C++ second
@amoghnath3330 3 years ago
Can you share your .bashrc file thanks
@FourthDimension001 3 years ago
PLEASE. DO TRYHACKME THROWBACK...
@GuiltySpark 3 years ago
all the things all the time that is IppSec
@hamzajayari7158 3 years ago
Who can help me? I want to do the Blunder box, but I am using Parrot Security. When I try to open the web page it keeps loading, but when I use curl -X GET 10.10.10.191:80 I get the response back. What is the problem? I am using the Firefox browser and Chromium, and it is the same thing, still loading.
@hamzajayari7158 3 years ago
@johncollins9466 Firefox
@hamzajayari7158 3 years ago
@johncollins9466 I can ping it, but when using gobuster or when I want to access it in a web browser, it keeps loading without a response.
@hamzajayari7158 3 years ago
@johncollins9466 What can I edit in the VPN file? I downloaded it from HackTheBox and after that I am using OpenVPN to connect. I tried using Chromium, but it is the same as Firefox: no response.
@jmjl2 3 years ago
Lol, you are using your own service that you configured before, not the intended way... /* On . p.exe */, Why didn't you read the readme?