HackTheBox - Help
00:49 - Begin of recon
01:45 - Running gobuster to find /support
02:50 - Searching for a way to find version of HelpdeskZ
03:35 - Reading over the File Upload exploit script to see it requires server time
05:10 - Uploading a PHP Reverse Shell Script
07:45 - Going back to GitHub to find where uploads are saved
09:10 - Begin of modifying the script to pull the server time out of HTTP Headers
10:30 - Figuring out the python to pull the “Date“ HTTP Header
14:30 - Getting the Time Format right with
19:40 - Testing out the exploit and getting a shell
23:20 - Discovery of an old kernel, looking for an exploit
24:30 - Copying the exploit, compiling, and privesc!
25:50 - Looking into port 3000
27:00 - /graphql discovered
27:42 - Dumping the schema to discover what data is inside
30:15 - Dumping username, password from the database
32:12 - Logging into HelpdeskZ
33:40 - Discovering the Boolean SQL Injection
34:50 - Running SQLMap
36:00
4 months ago 00:10:23 1
7 months ago 00:00:00 1
8 months ago 00:04:06 1
9 months ago 00:32:44 18
9 months ago 00:34:38 2
9 months ago 01:27:34 5
9 months ago 00:37:18 6
9 months ago 00:41:25 5
9 months ago 01:46:13 2
9 months ago 01:12:42 4
9 months ago 00:26:29 1
9 months ago 02:06:46 2
9 months ago 00:54:43 11
9 months ago 02:05:30 1
9 months ago 00:33:44 1
9 months ago 00:27:16 1
10 months ago 00:30:39 1
10 months ago 11:21:04 1
11 months ago 05:30:24 3
12 months ago 01:02:06 16
12 months ago 00:16:21 18
12 months ago 02:09:39 15
1 year ago 00:29:19 2
1 year ago 00:39:17 7
