HackTheBox - Bizness

00:00 - Introduction
01:00 - Start of nmap
03:00 - Seeing JSESSIONID and NGINX; trying the off-by-slash exploit to get access to /manager, which doesn't work here
04:30 - Dirbusting with FFUF because the lack of 404s messed with gobuster
07:40 - Discovering the OFBiz version, looking for exploits
09:00 - Going over the authentication bypass in OFBiz
12:40 - Downloading YSOSERIAL and building a Docker so we don't have to worry about Java Versions
14:30 - Building a reverse shell payload that works with YSOSERIAL
18:40 - Reverse shell returned! Looking at OFBiz and finding out it uses the Derby database
22:30 - Copying the Derby database, then using ij from derby-tools to dump the data
26:40 - The hash in the database is URL-safe Base64 encoded; decoding it reveals a length of 40, which is normal for sha1sum. Decoding it, then cracking it with hashcat
Comments

That was a nice one, thanks for everything, set in the dark mode especially if you're watching it in the dark.... awesome really

beloraymonyela

It took me a while to figure this out, but you can also use John the Ripper to crack a salted hash.

First, we need to create the file with the hash and salt, in the format <hash>$<salt>. I'll name it admin.hash:


After that, we need to identify the format to be used:
john --list=subformats | grep -i sha1 | grep -i '\$s'

The command above shows us that we want to use the dynamic_24 and dynamic_25 formats:
Format = dynamic_24 type = dynamic_24: sha1($p.$s)
Format = dynamic_25 type = dynamic_25: sha1($s.$p)

Since we don't know whether the salt is added before or after the string before calculating the hash, we have to test both formats.

Finally, we need to run john with both formats:
john admin.hash --wordlist=rockyou.txt --format=dynamic_25

After running john with the dynamic_25 format, we find the cleartext password that, prepended with the salt "d", generates the hash above.

AUBCodeII
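An added example, not code from the video or from the comment above, showing why both john subformats have to be tried: a SHA-1 digest stored as URL-safe Base64 (as the video describes) decodes to 20 bytes (40 hex characters), and only one ordering of salt and password reproduces it. The salt "d" comes from the comment; the password and the stored hash are constructed for the demonstration.

```python
import base64
import hashlib

# Constructed demonstration values (not the box's real credential or hash).
SALT = "d"
PASSWORD = "example-password"


def sha1_salt_then_password(salt: str, password: str) -> bytes:
    """john dynamic_25: sha1($s.$p), salt prepended to the password."""
    return hashlib.sha1((salt + password).encode()).digest()


def sha1_password_then_salt(salt: str, password: str) -> bytes:
    """john dynamic_24: sha1($p.$s), salt appended to the password."""
    return hashlib.sha1((password + salt).encode()).digest()


def encode_urlsafe(digest: bytes) -> str:
    """Store the raw digest as URL-safe Base64, as the video describes."""
    return base64.urlsafe_b64encode(digest).decode()


def decode_stored_hash(stored: str) -> bytes:
    """Decode URL-safe Base64, tolerating stripped '=' padding;
    a 20-byte result (40 hex chars) is consistent with SHA-1."""
    return base64.urlsafe_b64decode(stored + "=" * (-len(stored) % 4))


def john_input_line(stored: str, salt: str) -> str:
    """<hex hash>$<salt>, the admin.hash layout the comment uses."""
    return decode_stored_hash(stored).hex() + "$" + salt


def identify_salt_order(stored: str, salt: str, password: str):
    """Return the john subformat that reproduces the stored hash, or None.
    Shows why both dynamic_24 and dynamic_25 have to be tried: only one
    ordering of salt and password matches a given digest."""
    target = decode_stored_hash(stored)
    if len(target) != hashlib.sha1().digest_size:
        raise ValueError("decoded hash is %d bytes, not SHA-1" % len(target))
    if sha1_salt_then_password(salt, password) == target:
        return "dynamic_25"
    if sha1_password_then_salt(salt, password) == target:
        return "dynamic_24"
    return None
```

Pointing `identify_salt_order` at a known test account whose password you set yourself is a quick way to confirm which subformat a deployment uses before spending any time on a wordlist run.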

💪🙏👏🏽what a MAGNIFICENT video! Excellent👏👏🏻

azelbane

It doesn't return true in the login function. Instead, when the requiredPassword parameter is set to 'Y', it returns the string "requirePasswordChange".

bartomiejpotaman

Also, the blog post doesn't exist anymore, or I just can't find it. Anyone anything?

bartomiejpotaman

It would not be possible for a beginner to discover this part of the hash. I believe that saying this machine was easy was really a mistake on the part of the staff.

Mykmy

Really well done and thanks for the detailed explanation. Keep up the amazing work ❤❤

HopliteSecurity

Hey mate! What is that shell you're using? Thanks and cheers!

DrK_PrxY

Could you turn your microphone up a little in future videos please? I have everything on max and it's still quiet.

Grasimee

I just recursively cat'd the entire directory onto my attack machine into one text file and then used strings, piped to grep to look for "Password". 24:03

CHAP_SEC

You have a beautiful brain good sir 🤓.

martin-hollingsworth

#Let'sSeeGang
#ThereWeGoGang
#Let'sSeeAndThereWeGoGang

AUBCodeII