Hack The Box Obscurity
00:00 Intro
01:03 Quick rant about Security through Obscurity and why it can be good
02:30 Begin of nmap'ing the box
06:30 Checking out the webpage, GoBuster giving weird errors, try WFUZZ
12:05 Taking a deeper look at the website while we have some recon running
17:45 Wfuzz found nothing hunting for
18:00 Doing some Directory Traversal attempts against the webserver, and seeing it looks like it's vulnerable
20:50 Extracting the source code to the webserver by specifying
23:30 Installing VS Code so we can run this webserver and insert breakpoints
28:20 Creating then running the code in VSCode
36:00 Exploiting the exec() statement in the WebServer
39:00 Explaining that we can't use + for spaces in the URL, have to do %20, then testing a reverse shell
45:00 Reverse shell returned
46:50 Turns out the intended way is to find the, develop, directory. Looking into why wf