HackTheBox - Traverxec
01:00 - Running nmap against the box, port 80 is running a unique webserver (nostromo)
03:00 - Lets check out the website before we throw any exploits
06:37 - Launching metasploit then exploting Nostromo but sending the exploit through burpsuite to see what it is doing
10:34 - Code Execution worked, for some reason the proxies command didn’t work the first time
11:18 - Explaining why the script does a GET request before throughing an exploit (Exploit Verification)
13:40 - Editing the payload to send a Bash Reverse Shell
15:40 - Running LinPEAS
17:20 - Running LinEnum in Thorough mode
19:22 - Going over LinPEAS Output
22:16 - Going over LinEnum Output
23:00 - Discovering a HTPASSWD Password, then using hashcat to crack it
26:45 - Looking at the HTTP Configuration file to discover public_www directory in home directories
27:30 - Explaining Linux Permissions on Directories and why we can do a ls in /home/david/public_www but not /home/david/
29:50 - Discovering an encr
4 months ago 00:00:00 1
5 months ago 00:04:06 1
6 months ago 00:32:44 18
6 months ago 00:34:38 2
6 months ago 01:27:34 5
6 months ago 00:37:18 6
6 months ago 00:41:25 5
6 months ago 01:46:13 2
6 months ago 01:12:42 3
6 months ago 00:26:29 1
6 months ago 02:06:46 2
6 months ago 00:54:43 11
6 months ago 02:05:30 1
6 months ago 00:33:44 1
7 months ago 00:27:16 1
7 months ago 00:30:39 1
7 months ago 11:21:04 1
9 months ago 05:30:24 3
9 months ago 01:02:06 16
9 months ago 00:16:21 18
9 months ago 02:09:39 14
9 months ago 00:29:19 2
10 months ago 00:39:17 7
10 months ago 00:42:37 10
