HackTheBox - MetaTwo

00:00 - Introduction
01:00 - Start of nmap, attempting to login with FTP then going to the website
02:45 - Running WPScan with enumerate all plugins in aggressive mode
04:00 - Taking a look at the site while WPScan runs and finding a plugin (BookingPress-Appointment-Booking) and finding an exploit
06:15 - Replacing the NONCE in the exploit to get it working
09:00 - Using SQLMap to dump everything, while we attempt to get only the data we think we are interested in
11:00 - Manually dumping the WP_USERS table with the SQL Injection
13:25 - Cracking the WordPress hashes to get a user credential
16:57 - EDIT: Playing with SQLMap to get it to dump this database
23:30 - Searching for WordPress exploits, discovering an XXE in WAV Files
25:20 - Using the XXE to exfil files off the webserver
30:20 - Discovering FTP Credentials in the WP Config, logging into the FTP Server and finding SSH Credentials
32:40 - Logging in as JNelson and seeing PassPie, which is a CLI Password Ma