Hack The Box Scanned Escaping and Exploiting Chroot Based Jails via Unprotected File Descriptor
00:00 Intro
01:00 Start of nmap
02:00 Using MSFVenom to upload a reverse shell to identify what the malware sandbox looks like
04:25 Examining the source code of the sandbox
12:00 Creating a program in C to see the size of an unsigned long
13:40 Creating a program to replace the output of the trace program and exfil data via the return register on the webapp
20:50 Creating a Python program to automate uploading the file and returning the output
27:05 Creating a program in C to perform ls, so we can enumerate the jail
34:00 Changing our ls to enumerate /proc
36:25 Adding a readlink() call to our ls program so we can view symlinks
41:00 Discovering an open file descriptor in PID 1, using this to escape the jail and read /etc/passwd
44:40 Dumping the Django Database
46:00 Using hashcat to crack a custom salted MD5 hash, password
51:00 Examining how the sandbox is created on the box itself, explaining how we can abuse setuid binaries because we can