Hack The Box Teacher
00:40 Beginning of recon
02:00 Poking around at the website to identify what technologies it utilizes
02:30 Discovering something odd about
03:25 Downloading 5.png to discover it is a text file with a portion of a password
06:00 Finding a place to login (, moodle), attempt to enumerate valid usernames
08:00 Using wfuzz to bruteforce the password
11:20 Looking for a way to enumerate Moodle versions
13:20 Searching for exploits for this version and finding Bad Teacher
14:40 Start of manually exploiting this vulnerability
16:00 Adding a Calculated Question which has the formula (vulnerable) parameter
20:16 Finding artifacts of creating and testing the machine, which spoil what we are supposed to do
24:21 Fixing our formula to allow for code execution
28:30 Getting a reverse shell
30:00 Looking around the MySQL database to discover hashes of other users
31:52 The account Giovannibak stands out due to the hash being