HackTheBox - Format Nginx Misconfiguration && Python Format String Vuln

00:00-Intro
00:42-Nmap Scan to see the open Ports
02:30-Looking at the web server and adding domain names into /etc/hosts file
04:58-Trying to do default creds, SQL injection on the login page found
06:40-Registering on the site to see more functionality
07:49-Making a new blog and testing its functionality
09:07-Found XSS (Cross-Site Scripting)
12:00-Looking at the requests in Burp Suite
13:30-Trying to do simple command injection and blind command injection
16:10-Trying to do Local File Inclusion and found it successfully
18:00-Looking at the nginx conf file to check for misconfigurations
19:00-Using ChatGPT to make the nginx conf file more beautiful
21:00-Trying to find vulnerabilities in the nginx misconfiguration we found
22:37-Doing dirsearch on both of the websites we found
24:44-Found the repo of the cooper user which contains the source code of the site, so we will analyze that source code
30:40-Finding how to exploit the nginx misconfig by reading the blog post from Frans Rosen on Detectify
33:40-Found the command on exploit notes to do the same thing
38:43-Successfully became a professional user; now I have img functionality as well, so we will test it and try to get a rev shell
49:01-Successfully got a revshell, now starting privilege escalation by stabilizing the shell
49:30-Looking at sudo privileges and SUID binaries, but did not find anything
51:30-Connecting to the Redis socket, getting the password of the cooper user, and logging in as cooper using SSH
53:32-Found a license binary which has a Python format string vulnerability, so exploiting that to get the root password and getting root.