Hack The Box Postman

Views: 3

01:00 Begin of nnmap scan 01:45 Checking out the website, trying to identify what technology runs the site 03:20 Nmap scan finished, start more recon (GoBuster and full nmap port scan) 07:00 Trying to find out when the website was stood up with exiftool 09:00 Full nmap showed the REDIS port, initial poking 10:55 Searching the internet for things you can do with a REDIS Server 14:50 Dropping a webshell didn t work, lets try dropping an SSH Key 16:30 Discovering the location of a. ssh directory by guessing the default 19:30 Got a shell on the box 22:00 Running LinPEAS 29:45 Running LinEnum twice (once with throrough mode enabled). To make sure we have good recon. 33:10 Discovering Matt logged in at a time we did not previously have 36:07 Discovering an encrypted SSH key, cracking the SSH Key with John 40:00 SSH failing to work, decide to just use su to switch to the Matt User 42:00 Discovering we