HackTheBox - Tabby

00:00 - Intro
00:55 - Start of Nmap
01:25 - Taking a look at the web page
02:40 - Discovering and adding it to /etc/hosts
04:04 - Playing with and explaining the logic of LFI
08:40 - Discovering it is a file_get_contents(), which means we can skip all our “RCE Tests” as it won’t execute PHP Code
11:20 - Poking at Tomcat and hunting for its file to use with our LFI on apache2
17:30 - Uploading a JSP Webshell to tomcat with credentials found in
20:20 - Using Curl to upload the JSP webshell.
23:10 - Whoops was uploading to the wrong port and then forgot to convert the JSP to a WAR File
25:38 - Reverse shells having trouble running due to bad characters.
27:55 - Downloading the shell to disk, then executing it in order to avoid special characters
31:15 - Reverse shell returned and TTY fixed. Discovering an encrypted zip file that we crack with John
35:00 - Exploring the Zip file to find there’s not