HackTheBox - Keeper
Рет қаралды 13,577
00:00 - Introduction
01:00 - Start of box
02:00 - Checking out Request Tracker, login with default creds
06:30 - Finding a password in the users description on RT
09:00 - Googling how to get keepass passwords from memory
11:00 - Talking about how this exploit actually works, its because of the textbox!
15:00 - Using strings on the dump file to show how the password looks in memory
20:30 - Searching the keepass, finding a putty private key
23:00 - Converting the putty key to openssh
26:00 - Grabbing root
@marsanmarsipan 8 ай бұрын
was just searching for CVE's for this one, but failed to look into default username and passwords.. Another great video, Ipp!
@0xrod 8 ай бұрын
This was my first htb, excited to see here
@mathiasensimon 6 ай бұрын
Rødgrød med fløde is a Danish tungtwister for joking with foreigners. It is also a dish but it's like an inside joke in Denmark
@AUBCodeII 8 ай бұрын
Hey Ipp, who's your favorite SpongeBob character and why is it Squidward?
@AUBCodeII 8 ай бұрын
Ipp's a keeper
@jondoe79 8 ай бұрын
Every detail matters, I'm interested for sure no matter how long the video is
@eklypzn 8 ай бұрын
yeah, I'm glad I just logged into commando for this box, but It's nice to see how I could have done it in linux.
@Ivo-- 8 ай бұрын
I completely missed the password in the user comment, but got code exec through RT itself, you can define a custom action and run perl code. Also I was very lazy and just ran the windows version of puttygen through wine.
@superfadelito 8 ай бұрын
I was trying to do that but didint use pearl code, could you share where you found that cve? Didint find anything more specific, just vague explanations
@Ivo-- 8 ай бұрын
@@superfadelito it's not a CVE, it's a feature. They're called Scrips in RT. You can assign an action to a trigger for example when a ticket gets a comment, you can run a scrip.
@johnsaintfleur3204 3 ай бұрын
Thanks, this video really helped me out!
@MygenteTV 8 ай бұрын
what?! crazy, I remember writing a whole article last year on how to extract those password from memory to then exploit them. now i see this wrong and even a gitbuh python script for it. Lmao
@sand3epyadav 8 ай бұрын
Miss u and love u sir
@0xazyz897 8 ай бұрын
very nice
@azizhankaya8694 8 ай бұрын
can you also do new blockchain challenges
@tg7943 8 ай бұрын
Push!
@sotecluxan4221 8 ай бұрын