HackTheBox - Phoenix

00:00 - Intro
01:00 - Start of nmap
02:22 - Taking a look at the SSL Certificates and website to find blog/forum
04:57 - Running WPScan, explaining why I like aggressive scanning
09:00 - Finding public vulnerability in Asgaros Forms (Blind Time Based SQLi)
10:45 - Running SQLMap to confirm the injection
21:00 - Examining the WordPress Database structure, so we can run SQLMap to dump very specific things
25:20 - Cracking WordPress credentials to find out we can't use any because of MFA
30:10 - Using our SQL Injection to dump a list of activated plugins in WordPress
32:00 - Finding an exploit in the Download From Files plugin, converting it to ignore SSL Validation Errors
35:45 - Uploading a malicious phtml (php) file to get a shell on the box
41:00 - Examining how MFA is enabled on SSH/SU by looking at PAM files
42:10 - Discovering that the network our host is on can bypass MFA
45:10 - Using find to show files created between two dates
48:20 - Discov