HackTheBox - Runner

00:00 - Introduction
01:00 - Start of NMAP
05:00 - Discovering the TeamCity Subdomain, which has a version banner showing it running 129390 and is vulnerable to CVE-2023-42793
07:30 - Exploring the TeamCity Authentication Bypass vulnerability to see why URLs ending in RPC2 don't require authentication
11:30 - Logged in as an administrator on TeamCity creating a Backup, which has a Database Backup and any SSH Keys associated with projects
18:30 - Analyzing the SSH Key to discover the username that generated it and logging into the box
20:50 - Going another route on TeamCity, enabling Debug Mode then running commands
27:55 - Showing how to get RCE on Linux when you can specify a Binary with only 1 parameter (Using AWK)
31:00 - Shell on the box as John, doing basic enumeration
34:00 - Logged into Portainer as Matthew (cracked password from database dump)
37:50 - Exploiting RUNC by setting the working directory of a container to /proc/self/fd/8, then gaining access to the root filesystem
Comments

Thanks for another great walkthrough. Love your content, mate! Keep up the good work, it's much appreciated.

dvsdfvxan

Yooo, didn't know you could get info from private keys! That's so cool

pranavbanerjee

Another way that I used to root was to mount the root volume to a docker image, guess that's unintended.

shyamganesh

omg, every time I learn new stuff from u ❤❤

mohammadhosein

1:25 I Love It When I Hear "ITS UBUNTU SERVER" 😂

RISE_BEFORE_YOU_GREECE

Can somebody explain to me how to invoke the ssh interactive prompt (ssh>), I've been trying to do it on my terminal but I can't make it work!

jesus.e.pacheco.f

Why sometimes you use VS to code and sometimes vi or vim? Is it just to change environments for others to see or is there another reason?

NitrogenXP

Hey Ipp, would you date someone named Osee?

AUBCodeII