HackTheBox - Passage
00:00 - Intro
01:10 - Start of nmap
02:10 - Identifying this is likely Ubuntu Xenial
03:30 - Attempting basic SQL Map
05:20 - Failing to find a way to enumerate CuteNews version
06:55 - Looking over an exploit script from SearchSploit
08:15 - Finding there is a page that exposes a bunch of user hashes... wat?
10:20 - Copying a bunch of PHP Blobs, then using grep to only show us the hashes
11:50 - Going back to looking over the exploit script
14:00 - Sent the exploit script through burpsuite and looking at each request
15:45 - Getting a reverse shell and fixing out TTY
19:00 - Searching CuteNews PHP Files for passwords
20:35 - Decoding the php files within the users directory to get password hashes
20:50 - Writing a nasty bash one liner to go over all the files and output the base64, then use grep to only show what we want to get hashes
23:00 - Using Hash Identifier to get an idea what the hash is, then using CrackStation to quickly crack
26:15 - The Cred we decrypt
4 months ago 00:10:23 1
7 months ago 00:00:00 1
9 months ago 00:04:06 1
9 months ago 00:32:44 18
9 months ago 00:34:38 2
9 months ago 01:27:34 5
9 months ago 00:37:18 6
9 months ago 00:41:25 5
9 months ago 01:46:13 2
9 months ago 01:12:42 4
9 months ago 00:26:29 1
9 months ago 02:06:46 2
9 months ago 00:54:43 11
9 months ago 02:05:30 1
10 months ago 00:33:44 1
10 months ago 00:27:16 1
10 months ago 00:30:39 1
11 months ago 11:21:04 1
12 months ago 05:30:24 3
1 year ago 01:02:06 17
1 year ago 00:16:21 18
1 year ago 02:09:39 15
1 year ago 00:29:19 2
1 year ago 00:39:17 7
