HackTheBox - Postman
01:00 - Begin of nnmap scan
01:45 - Checking out the website, trying to identify what technology runs the site
03:20 - Nmap scan finished, start more recon (GoBuster and full nmap port scan)
07:00 - Trying to find out when the website was stood up with exiftool
09:00 - Full nmap showed the REDIS port, initial poking
10:55 - Searching the internet for things you can do with a REDIS Server
14:50 - Dropping a webshell didn’t work, lets try dropping an SSH Key
16:30 - Discovering the location of a .ssh directory by guessing the default (/var/lib/redis/.ssh)
19:30 - Got a shell on the box!
22:00 - Running LinPEAS
29:45 - Running LinEnum twice (once with throrough mode enabled). To make sure we have good recon.
33:10 - Discovering Matt logged in at a time we did not previously have
36:07 - Discovering an encrypted SSH key, cracking the SSH Key with John
40:00 - SSH failing to work, decide to just use “su“ to switch to the Matt User
42:00 - Discovering we
4 months ago 00:00:00 1
5 months ago 00:04:06 1
6 months ago 00:32:44 18
6 months ago 00:34:38 2
6 months ago 01:27:34 5
6 months ago 00:37:18 6
6 months ago 00:41:25 5
6 months ago 01:46:13 2
6 months ago 01:12:42 3
6 months ago 00:26:29 1
6 months ago 02:06:46 2
6 months ago 00:54:43 11
6 months ago 02:05:30 1
6 months ago 00:33:44 1
7 months ago 00:27:16 1
7 months ago 00:30:39 1
7 months ago 11:21:04 1
9 months ago 05:30:24 3
9 months ago 01:02:06 16
9 months ago 00:16:21 18
9 months ago 02:09:39 14
10 months ago 00:29:19 2
10 months ago 00:39:17 7
10 months ago 00:42:37 10
