filmov
tv
HackTheBox | Shibboleth 🔒 (Linux | Medium) | Beginners Walkthrough
Показать описание
Today we root the Shibboleth 🔒 (Linux | Medium) machine from HackTheBox! - Like and Subscribe :)
⏱️Timestamps/Steps:
➡️ 00:00 - Port scan
➡️ 00:35 - Web enum
➡️ 01:00 - Web app analysis
➡️ 01:30 - Subdomain enum
➡️ 02:20 - Zabbix web app analysis
➡️ 03:20 - Zabbix CVE analysis
➡️ 05:30 - UDP port 623 (asf-rmcp) - ipmi2 analysis
➡️ 06:30 - Dumping hashes via IPMI2
➡️ 07:50 - Cracking ipmi2 sha1 hash with hashcat
➡️ 08:50 - Logging into Zabbix with admin creds
➡️ 12:00 - Getting RCE via Zabbix
➡️ 15:00 - Escalting to IPMI-SVC user via password reuse
➡️ 15:20 - Linenum/linpeas priv esc scripts invokation
➡️ 16:30 - Reviewing files our group owns
➡️ 18:00 - Finding a zabbix conf file with sql creds
➡️ 19:00 - Using the mysql creds to log in and get MYSQL version
➡️ 21:45 - Get MYSQL version and finding exploit for MYSQL
➡️ 23:00 - Using CVE-2021-27928 to get ROOT
➡️ 25:30 - Getting ROOT
➡️ 25:50 - Outro
For more Cyber security/hacking/pentesting beginner based content, check out the rest of my channel covering:
⭐️Web application security:
- SQL injection, Server Side template Injection, XSS, remote code execution/Injection(RCE) XXE(XML Enternal Entity Injection) etc.
⭐️Link to box:
⏱️Timestamps/Steps:
➡️ 00:00 - Port scan
➡️ 00:35 - Web enum
➡️ 01:00 - Web app analysis
➡️ 01:30 - Subdomain enum
➡️ 02:20 - Zabbix web app analysis
➡️ 03:20 - Zabbix CVE analysis
➡️ 05:30 - UDP port 623 (asf-rmcp) - ipmi2 analysis
➡️ 06:30 - Dumping hashes via IPMI2
➡️ 07:50 - Cracking ipmi2 sha1 hash with hashcat
➡️ 08:50 - Logging into Zabbix with admin creds
➡️ 12:00 - Getting RCE via Zabbix
➡️ 15:00 - Escalting to IPMI-SVC user via password reuse
➡️ 15:20 - Linenum/linpeas priv esc scripts invokation
➡️ 16:30 - Reviewing files our group owns
➡️ 18:00 - Finding a zabbix conf file with sql creds
➡️ 19:00 - Using the mysql creds to log in and get MYSQL version
➡️ 21:45 - Get MYSQL version and finding exploit for MYSQL
➡️ 23:00 - Using CVE-2021-27928 to get ROOT
➡️ 25:30 - Getting ROOT
➡️ 25:50 - Outro
For more Cyber security/hacking/pentesting beginner based content, check out the rest of my channel covering:
⭐️Web application security:
- SQL injection, Server Side template Injection, XSS, remote code execution/Injection(RCE) XXE(XML Enternal Entity Injection) etc.
⭐️Link to box:
Комментарии