SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation - StreamIO @ HackTheBox

preview_player
Показать описание
This video is about StreamIO, a medium difficulty Windows machine on HackTheBox.

[ Topics ]
• MSSQL Injection
• LFI to RCE
• XAMLX
• EFS-Potato

[ Support & Private Lab Access ]

[ Discord ]

[ Timestamps ]
00:00 Intro
00:22 Enumeration
07:04 Manual MSSQL Injection
11:47 LFI to RCE
18:49 Privesc via XAMLX & SeImpersonate

[ Notes & Links ]

[ Desktop ]

[ About ]

This is purely educational content - all practical work is done in environments that allow and encourage offensive security training.
  1. xct hacks
Рекомендации по теме
SQLi, LFI to 0:27:04

SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation - StreamIO @ HackTheBox

SQLi + LFI 0:14:36

SQLi + LFI to RCE using Malicious Image Upload (POST)

LFI to RCE, 0:21:37

LFI to RCE, Sticky Notes & SQLi - Breadcrumbs @ HackTheBox

SQL injection to 0:03:00

SQL injection to RCE

Linux Web Server 0:11:21

Linux Web Server Exploitation (SQLi to RCE)

Union Based SQLi 0:09:01

Union Based SQLi To RCE! - Escalate your SQL injections!

Hack website LFI 0:07:28

Hack website LFI menthode via sqli

Hack A Website 0:15:53

Hack A Website - SQLi + LFI Method (PART 1)

Forced Tampering leads 0:02:05

Forced Tampering leads to Admin panel access | Bug Bounty POC | Lazy Pentester

SQLi to LFI 0:07:09

SQLi to LFI

Lfi To RFi&RCE 0:10:14

Lfi To RFi&RCE By AkDk

SQLi to RCE 0:21:00

SQLi to RCE (PENTEST SOLUTION)

Bypass Not Acceptable 0:03:31

Bypass Not Acceptable | LFI to RCE using /proc/self/environ

Shell upload via 0:09:15

Shell upload via sql queries(SQLI + LFI + RCE)

Getting a PHP 0:02:13

Getting a PHP Shell using SQL Injection | LFI

How to turn 0:12:25

How to turn LFI into RCE! - Relativity Walkthrough EP2

$3,133 bounty: Remote 0:02:21

$3,133 bounty: Remote Code Execution via Local File Inclusion | POC | Bug Bounty 2024

05 - Web4Shell 0:26:01

05 - Web4Shell - SQL Injection to RCE (Final Part)

$15,000 bounty : 0:03:27

$15,000 bounty : Remote Code Execution via File Upload Vulnerability | POC | Bug Bounty 2023

9. SQL Injection 0:23:06

9. SQL Injection - Info Disclosure to LFI & RCE

LFI to RCE 0:18:14

LFI to RCE - Log Poisoning

LFİ TO RCE 0:01:17

LFİ TO RCE

XSS to LFI 0:06:17

XSS to LFI to RCE - Search for LFI everywhere!

How to Bypass 0:02:55

How to Bypass LFI vulnerability by php wrappers

Комментарии
Автор

That priv-esc still blows my mind away till now, glad you did a video on my box and hopefully you enjoyed it!

janitd
Автор

Welcome back homie. This box had me struggling for a while. I required way more time with that privesc to root, I did it differently with adding a user to a specific group, etc...
Please keep bringing these videos. :)

longdashes
Автор

Welcome come back Thanks a lot. I love your videos.

fabiorj
Автор

Thnx a lot for your videos sir, bcoz of your videos and methodology I was able to crack my oscp certification.

jck_dniels
Автор

Doubt on getting shell as yoshishihide..
How you identified that priv esc vector..🤔

skyone
Автор

can you refere on how to make the terminal look like yours?

mouda
Автор

How did you get the user? can you give a hint, on "pollution" htb

artyrsanat
Автор

Hey xct, loved your contents. if you have time, can you make a video on how to setup the linux machine like yours

mirharish