HackTheBox - Busqueda

Рет қаралды 18,692

Күн бұрын

00:00 - Introduction
01:00 - Start of the nmap
04:20 - Copying the request in burpsuite to a file so we can use FFUF to fuzz
06:00 - Just testing for SSTI
06:45 - Found two bad characters, putting a comment after a bad character to see where it is failing
08:20 - Discovering we can append to the string, then trying for executing code with print to test for eval statements
10:00 - Getting a reverse shell
15:00 - Reverse shell returned
17:00 - Looking at apache virtualhosts to discover a hidden vhost that is running gitea
19:00 - Finding creds in the .git folder which lets us run sudo
22:00 - Inspecting the docker containers to discover passwords in environment variables which lets us log into gitea as administrator and view the script we are running as sudo
25:30 - Discovering the system-checkup.py script is not using an absolute path, so we can execute a shell script in our CWD as root

Пікірлер: 32

@diaahanna8882 11 ай бұрын

The best part of my Saturday

@amieemaya9472 11 ай бұрын

Yes ser

@h1-hackermater 11 ай бұрын

Thanks Ippsec !! All of these videos are really amazing!! I learn with every writeup of this channel and I improved so so muchh, so thanks and that's very cool!!

@ancestrall794 11 ай бұрын

Nice video, ffuf is really a great tool I recently learned to use, hoping that it can help me find all sorts of injections / vulns for future CTFs / OSCP lol

@maixicek 11 ай бұрын

Awesome walk through 👍

@tntxqx8281 11 ай бұрын

Awesome work ippsec

@abdosama 11 ай бұрын

Hitting like then watching the video :), thank you

@cipher4873 11 ай бұрын

fav youtuber

@halkansan 11 ай бұрын

Hey IppSec, do you suggest reading books in order to understand deep concepts? If yes, can you list out the names of those books? Thank you for the content, love it 😎♥

@anonymousvevo8697 11 ай бұрын

really amazing =)

@B4ch4r 11 ай бұрын

Hi Ippsec, Can u tell me which one of your videos covers creating a python script to brute force the ssh key letter by letter ?

@SnakeHellcat-zl8vs 11 ай бұрын

It was awesome.

@user-qm4zl2ng5i 4 ай бұрын

Thank you sir.

@do0fusz 11 ай бұрын

Great video! What terminal emulator are you running?

@yourinatestrn3436 11 ай бұрын

you can use '--head' in curl to get only response headers

@sand3epyadav 11 ай бұрын

I know,

@AUBCodeII 11 ай бұрын

Or "-I"

@Ambassador_Kobi 11 ай бұрын

Bedankt

@Ambassador_Kobi 11 ай бұрын

Just wanted to thank you for all the great content you provided.

@snowden-IT 11 ай бұрын

You are my teacher and a few words of thanks to you

@BogdanDolia 11 ай бұрын

very interesting

@sand3epyadav 11 ай бұрын

I love

@FMisi 11 ай бұрын

It was a fun box

@tg7943 11 ай бұрын

Push!

@ajayroy539 11 ай бұрын

Hello sir ❤😊

@sp4cejock3y23 7 ай бұрын

It is pronounced: booh-ske-dah with emphasis on the bus

@buckbarrette898 11 ай бұрын

我太需要积累经验了

@jaylal4899 9 ай бұрын

the privesc wasn't that easy IMO

@_7RAW 11 ай бұрын

Can you talk slowly please 😢

@tonysong7721 4 ай бұрын

at the end when i write the full-checkup.sh file in dev/shm and try to run system checkup, it still says something went wrong, after a few seconds seems like the machine automatically deleted the file I wrote, I even tried to only put echo 'hi' in the file to test, just in case there is a bug in my code, still says something went wrong, I followed all steps correctally, anyone knows what the problem is?