Hack The Box Moderators

Views: 3

00:00 Intro 01:05 Start of nmap, then going over the website 03:30 Examining all the pages on the blog 04:40 Looking at the report parameter, doing some light testing for SQL Injection before moving on to IDOR 07:00 Using ffuf to bruteforce all reports matching upon a word (phrase) on the page 11:00 Attempting to figure out if the md5sum in the logs URL is random by submitting the hash to crackstation 13:00 Discovering a file upload vulnerability, faking a PDF and uploading a PHP Shell 18:25 When using a PHP Shell System() commands don t work. Uploading PHPInfo to view disabled functions and seeing System is blocked 21:00 Getting code execution through Popen() which wasn t blacklisted 24:30 Reverse shell returned 26:55 Discovering another webserver is running on localhost, turns out to be Wordpress 29:50 Exploiting the wordpress plugin BrandFolder to get a shell as Lexi 35:00 Lexi has an SSH Key, using SSH to access the server and then sett