filmov
tv
HackTheBox | Shibboleth 🔒 (Linux | Medium) | Beginners Walkthrough
Показать описание
Today we root the Shibboleth 🔒 (Linux | Medium) machine from HackTheBox! - Like and Subscribe :)
⏱️Timestamps/Steps:
➡️ 00:00 - Port scan
➡️ 00:35 - Web enum
➡️ 01:00 - Web app analysis
➡️ 01:30 - Subdomain enum
➡️ 02:20 - Zabbix web app analysis
➡️ 03:20 - Zabbix CVE analysis
➡️ 05:30 - UDP port 623 (asf-rmcp) - ipmi2 analysis
➡️ 06:30 - Dumping hashes via IPMI2
➡️ 07:50 - Cracking ipmi2 sha1 hash with hashcat
➡️ 08:50 - Logging into Zabbix with admin creds
➡️ 12:00 - Getting RCE via Zabbix
➡️ 15:00 - Escalting to IPMI-SVC user via password reuse
➡️ 15:20 - Linenum/linpeas priv esc scripts invokation
➡️ 16:30 - Reviewing files our group owns
➡️ 18:00 - Finding a zabbix conf file with sql creds
➡️ 19:00 - Using the mysql creds to log in and get MYSQL version
➡️ 21:45 - Get MYSQL version and finding exploit for MYSQL
➡️ 23:00 - Using CVE-2021-27928 to get ROOT
➡️ 25:30 - Getting ROOT
➡️ 25:50 - Outro
For more Cyber security/hacking/pentesting beginner based content, check out the rest of my channel covering:
⭐️Web application security:
- SQL injection, Server Side template Injection, XSS, remote code execution/Injection(RCE) XXE(XML Enternal Entity Injection) etc.
⭐️Link to box:
⏱️Timestamps/Steps:
➡️ 00:00 - Port scan
➡️ 00:35 - Web enum
➡️ 01:00 - Web app analysis
➡️ 01:30 - Subdomain enum
➡️ 02:20 - Zabbix web app analysis
➡️ 03:20 - Zabbix CVE analysis
➡️ 05:30 - UDP port 623 (asf-rmcp) - ipmi2 analysis
➡️ 06:30 - Dumping hashes via IPMI2
➡️ 07:50 - Cracking ipmi2 sha1 hash with hashcat
➡️ 08:50 - Logging into Zabbix with admin creds
➡️ 12:00 - Getting RCE via Zabbix
➡️ 15:00 - Escalting to IPMI-SVC user via password reuse
➡️ 15:20 - Linenum/linpeas priv esc scripts invokation
➡️ 16:30 - Reviewing files our group owns
➡️ 18:00 - Finding a zabbix conf file with sql creds
➡️ 19:00 - Using the mysql creds to log in and get MYSQL version
➡️ 21:45 - Get MYSQL version and finding exploit for MYSQL
➡️ 23:00 - Using CVE-2021-27928 to get ROOT
➡️ 25:30 - Getting ROOT
➡️ 25:50 - Outro
For more Cyber security/hacking/pentesting beginner based content, check out the rest of my channel covering:
⭐️Web application security:
- SQL injection, Server Side template Injection, XSS, remote code execution/Injection(RCE) XXE(XML Enternal Entity Injection) etc.
⭐️Link to box:
0:26:02
HackTheBox | Shibboleth 🔒 (Linux | Medium) | Beginners Walkthrough
0:44:22
HackTheBox - Shibboleth
0:20:07
Linux Shared Object Files - Shibboleth Beyond Root [HackTheBox]
0:21:46
HackTheBox – Shibboleth Walkthrough - In English
![[HTB] Shibboleth |](https://i.ytimg.com/vi/QvXDm3dSbOI/hqdefault.jpg)
0:42:29
[HTB] Shibboleth | Walkthrough
0:09:47
Hackthebox - Shibboleth Walkthrough - Medium
0:09:22
HackTheBox(HTB) | Cap 🚢 (Linux | Easy)
1:25:56
Maquina Shibboleth Hack The Box Estilo OSCP #oscp #pentester #redteam
0:07:01
SSRF & Python Debugger - Forge @ HackTheBox
0:50:23
HTB - Shibboleth (medium) walkthrough (ITA)
0:39:05
HackTheBox - Passage
2:08:45
Maquina Shibboleth Hack The Box (Live Completo)
0:13:31
Fixing My PwnScript for HTB Calamity
0:01:50
ShibbolethSPUnsupportedRequestResolved
0:00:29
How to Install SAML / Shibboleth Plugin on your Kanban Board
0:06:38
CyberSecLabs - Fuel - Linux [Walkthrough]
0:38:38
IPMI Dump Hashes & Zabbix RCE | Shibboleth WalkThrough
0:43:49
Reverse Proxy Nginx and Shibboleth/2FA/MFA Authentication Setup in under 20 Mins.
0:01:10
DeployShibbolethIDPWarFile
0:53:01
HackTheBox - Undetected
0:41:10
HackTheBox - TheNotebook
0:58:28
HackTheBox Certified Penetration Testing Specialist (CPTS) - Review + Tips
0:21:18
HackTheBox - Writer Walkthrough - In English
2:19:39
HackTheBox - Hancliffe
Комментарии