HackTheBox - Busqueda

Показать описание

00:00 - Introduction
01:00 - Start of the nmap
04:20 - Copying the request in burpsuite to a file so we can use FFUF to fuzz
06:00 - Just testing for SSTI
06:45 - Found two bad characters, putting a comment after a bad character to see where it is failing
08:20 - Discovering we can append to the string, then trying for executing code with print to test for eval statements
10:00 - Getting a reverse shell
15:00 - Reverse shell returned
17:00 - Looking at apache virtualhosts to discover a hidden vhost that is running gitea
19:00 - Finding creds in the .git folder which lets us run sudo
22:00 - Inspecting the docker containers to discover passwords in environment variables which lets us log into gitea as administrator and view the script we are running as sudo

IppSec

Рекомендации по теме

Комментарии

Thanks Ippsec !! All of these videos are really amazing!!
I learn with every writeup of this channel and I improved so so muchh, so thanks and that's very cool!!

mf-

Nice video, ffuf is really a great tool I recently learned to use, hoping that it can help me find all sorts of injections / vulns for future CTFs / OSCP lol

ancestrall

Hitting like then watching the video :), thank you

abdosama

you can use '--head' in curl to get only response headers

yourinatestrn

Hey IppSec, do you suggest reading books in order to understand deep concepts? If yes, can you list out the names of those books?

Thank you for the content, love it 😎♥

halkansan

It is pronounced: booh-ske-dah with emphasis on the bus

spcejocky

at the end when i write the full-checkup.sh file in dev/shm and try to run system checkup, it still says something went wrong, after a few seconds seems like the machine automatically deleted the file I wrote, I even tried to only put echo 'hi' in the file to test, just in case there is a bug in my code, still says something went wrong, I followed all steps correctally, anyone knows what the problem is?

tonysong