Hack The Box Ready

Views: 2

00:00 Intro 01:20 Start of nmap discovering gitlab 02:30 Registering for an account, then finding the version 04:30 Searching the GitLab commit history to see the patch changing how localhost is verified 07:20 Using the import repo from URL feature to force the server to make a request 09:10 Attempting SSRF Attacks with Gopher 11:50 Successfully got the server to connect back using git with line breaks 13:00 Finding a gitlab RCE Path from SSRF using Redis 15:50 Failing to gttempting to get RCE 20:30 Ping isn t working, trying Whoami with NC 24:00 Finally get RCE with whoami and putting a space at the end of our payload 26:20 Attempting to get a Reverse Shell 29:40 Using CyberChef to get rid of the plus in our base64 paylaod 33:00 Reverse Shell Returned 37:00 DeepCE didn t give us much, running linPEAS again 40:15 Finding the SMTP Password in a backup which is the root password 41:40 Mounting the hosts disk to get root