TryHackMe - Bandit

Buy Me A Coffee :)

0:00 Intro
1:20 Registration and getting target information
3:30 Nmap scan and results
5:55 Enumerating and playing around with the website
9:00 Looking into XSS
10:45 Looking into HTTP Request Smuggling
15:40 Building a simple XSS payload for Request Smuggling
18:30 Payload built. Trying Request Smuggling
19:40 Request Smuggling is successful. Trying to steal a session cookie
DEBUGGING
22:30 Building a XSS session cookie grabber. Didn't work
27:30 Got a proper payload. Trying Request Smuggling again
29:00 Got session cookie. Looking at upload functionality
30:30 Trying to upload a PHP image file and a PHP file
32:55 Finding where files are stored
34:00 Bypassing character limitation and getting a shell
36:30 Unable to upgrade shell. Finding credentials
38:00 We have SSH access to the machine
39:00 Finding PowerShell history file and more credentials
40:10 Using PSSession to access the Windows target
41:05 Bypassing the PowerShell restricted environment
46:00 Command Injection executed and getting reverse shell