HackTheBox - Hospital
00:00 - Introduction
01:00 - Start of nmap
03:00 - Analyzing the TTL to see that the Linux Host is likely a Virtual Machine. Also Docker is not at play since it decremented
07:00 - Attacking the PHP Image Upload Form, discovering we can upload phar files
13:48 - Uploading a php shell, discovering there are disabled functions blocking system
17:15 - Using dfunc bypass to identify proc_open is not disabled and then getting code execution
23:00 - Reverse shell returned on the linux host
26:00 - Uname shows a really old kernel, then doing CVE-2024-1086 which is a NetFilter exploit between kernels to 6.6, getting root and then cracking the hash to get drwilliams password
29:20 - Talking about Man Pages and how they are organized to identify $y$ is yescrypt
33:40 - Logging into RoundCube, discovering an email that indicates that drwilliams runs GhostScript with EPS Files, looking for exploit
36:00 - Building a malicious EPS File with a powershell reverse shell
43:40 - PRIVESC 1: Uploading a shell in XAMPP and getting system
52:30 - PRIVESC 2: Discovering an active session, using meterpreter to get a keylogger running and stealing the password
1:01:50 - While we are waiting for keys to be typed, lets inject a Reverse VNC Server so we can watch the screen
1:10:08 - PRIVESC 3: Showing we could just remote desktop as Chris Brown and then view the password
339 views
176
80
2 months ago 00:10:23 1
I Played HackTheBox For 30 Days - Here’s What I Learned
5 months ago 00:00:00 1
Хакерство для всех: понятные инструкции для начинающих | Иван Глинкин HydrAttack
7 months ago 00:04:06 1
Решаем “Тред Ариадны“ | TINKOFF CTF 2024 | EASY
7 months ago 00:32:44 18
HackTheBox - Analytics
7 months ago 00:34:38 2
HackTheBox - Manager
7 months ago 01:27:34 5
HackTheBox - AppSanity
7 months ago 00:37:18 6
HackTheBox - CozyHosting
7 months ago 00:41:25 5
HackTheBox - Visual
7 months ago 01:46:13 2
HackTheBox - Drive
7 months ago 01:12:42 4
HackTheBox - Builder
7 months ago 00:26:29 1
HackTheBox - Keeper
7 months ago 02:06:46 2
HackTheBox RegistryTwo
7 months ago 00:54:43 11
HackTheBox - Clicker
7 months ago 02:05:30 1
HackTheBox - Bookworm
8 months ago 00:33:44 1
Best Hacking Laptop 2023
8 months ago 00:27:16 1
Top Hacking Books for 2023
8 months ago 00:30:39 1
Прохождение Linux-машины средней сложности SANDWORM HackTheBox | КАК ПРОЙТИ
9 months ago 11:21:04 1
Bug Bounty Course 2024 Updated
10 months ago 05:30:24 3
George Hotz | Programming | Hack The Box | ctf practice for skill (should tomcr00se return?)
10 months ago 01:02:06 16
HackTheBox Zipping
10 months ago 00:16:21 18
HackTheBox - Sau
10 months ago 02:09:39 15
HackTheBox - Coder
11 months ago 00:29:19 2
Прохождение Linux-машины средней сложности SURVEILLANCE HackTheBox | КАК ПРОЙТИ