TryHackMe - The Marketplace (Medium) - Live Walkthrough

Показать описание

0:00 - Introduction
0:20 - Starting The Marketplace
01:49 - Scanning with AutoRecon, finding a web server
05:10 - Attempting SQL injection against the login.
08:06 - Attempting username enumeration against the login, encountering errors.
11:57 - Trying to use the disabled file upload functionality, getting nothing.
14:22 - Playing with the JWT.
18:51 - Sending an XSS payload to the admin.
21:39 - Realising I had tmux copy mode turned on which didn't update the log.
22:32 - Sending an XSS payload to steal the admin's cookie.
24:39 - Finding a MySQL injection and using UNION to extract some data.
29:55 - Extracting username / password hashes from the database.
35:22 - Attempting to crack the password hashes but getting nowhere.
38:51 - Realizing I never checked for a messages table...
39:43 - Realizing I had enumerated a messages table all along.
40:45 - Finding a password in the messages, attempting to login using SSH.
42:22 - Logging in as jake, getting a flag.
44:20 - Finding a tar wildcard privesc exploit!
55:04 - Privilege escalation to the michael user.
1:05:09 - Getting a more stable shell as michael, realizing he's in the docker group.
1:07:30 - Mounting / in a docker container and escalating to root.
1:08:12 - Explaining the docker privesc.
1:14:13 - Accidentally overwriting /etc/passwd but fixing it!
1:17:12 - Getting "root" on the actual box.
1:18:22 - Outro

Tib3rius

Рекомендации по теме

Комментарии

Absolutely amazing walkthrough!

I worked through this room, and was stuck in the tar wildcard injection for days! I mean, I made it work, but never really understood what exactly I was doing. Your example with ls and explanation why the asterisk exploitation works made it absolutely clear in my head.

Thank you and keep up the great work!

xx

Awesome vid again Tib3rius. I used to use notion but got frustrated with it partially because of the scrolling issue you were having. If you have the time may I recommend you check out Obsidian. Very similar to Notion but I find it a much more pleasant experience.

glens

What happens if I take away the word "disabled"? * Works * Oh, wow. 😅

skycritch

TryHackMe - The Marketplace (Medium) - Live Walkthrough

TryHackMe - The Marketplace (Medium) - Live Walkthrough

#tryhackme: The marketplace

TryHackMe:The Marketplace

TryHackMe The Marketplace | XSS to RCE | CTF Walkthrough #31

TryHackMe The Marketplace

The Marketplace - TryHackMe | XSS Stored / SQLMap / Docker privesc | Walkthrough en español 2022

[TryHackMe] The Marketplace Walkthrough - Cookie Heist to Become an Admin of the Target Website

Biohazard TryHackMe walkthrough | Advance Pentesting | Medium difficulty | #6

Mastery of Vulnerability Management | TryHackMe Expert Walkthrough

DAST : Task 1-3 : DevSecOps : TryHackMe : Walk through 10.0

Anonymous CTF Walkthrough | Tryhackme

TryHackMe - Archangel - Capture the Flag challenge

Hacker Shows Navy SEAL How Easy It Is To Obtain People's Information

Different CTF - TryHackMe (difficulity:hard)

tryhackme ohsint | A Comprehensive Walkthrough of the TryHackMe OhSINT Room

Wekor - Tryhackme

TryHackMe ! Convert My Video - Uploading Shell Payload // walk-through

Nerd Herd | Tryhackme

TryHackMe ConvertMyVideo || OSCP (Exploit youtube-dl)

The best Hacking Courses & Certs (not all these)? Your roadmap to Pentester success.

SearchLight Tryhackme | Advance pentesting | #4

[CTF] TRYHACKME - OVERPASS 2 HACKED (EASY)

ShellShock & Kernel Exploits - TryHackMe! 0day

SOC 101: Real-time Incident Response Walkthrough