Hack The Box Drive
00:00 Introduction
01:00 Start of nmap
02:30 MasterRecon. Examining the CSRF cookie to discover it is likely Django
07:50 Using FFUF to bruteforce IDs of uploaded files; we can discover valid IDs but not view the file itself
14:00 Accidentally deleting something important when fuzzing. Always be careful of what you are doing with tools
16:45 Discovering the /block endpoint allows us to view any file; discovering a file with credentials which lets us log into the server
23:00 Setting up an SSH tunnel to access port 3000, which is Gitea. Discovering an old commit that has the password to decrypt backups
32:00 Logging into the box as Tom, discovering the DoodleGrive binary, opening it up in Ghidra
38:45 Looking at the SanitizeString function to see what characters we cannot use
41:40 Exploiting DoodleGrive via SQL injection with the EDIT command. This is easy to exploit because SetUID binaries preserve environment variables
47:40 Got root; our PATH is messed up