HackTheBox - Frolic
01:16 - Begin of Recon, until around 13 minutes gathering information to avoid rabbit holes
04:04 - Using nc/ncat to verify a port is open (-zv)
11:17 - Doing gobuster across man of the sub directories
13:03 - Examining /admin/ - Examine the HTML Source because login is not sending any data
14:09 - Discover some weird text encoding (Ook), how I went about decoding it
15:44 - Decoded to base64 with some spaces, clean up the base64 and are left with a zip file
19:19 - After cracking the zip, there is another text encoding challenge (BrainF*)
25:11 - With potential information, return to our long running recon for more information
28:49 - Discovering /playsms
32:00 - Reading ExploitDB Articles and then attempting to manuall exploit PlaySMS via uploading a CSV
34:34 - Getting a reverse shell
39:00 - Running
40:00 - Finding the SetUID file: rop
42:00 - Exploiting ROP Program with ret2libc
45:30 - Getting offsets of system, exit, /bin/sh from libc using ldd, read
10 months ago 00:10:23 1
1 year ago 00:00:00 0
1 year ago 00:04:06 1
1 year ago 00:32:44 19
1 year ago 00:34:38 2
1 year ago 01:27:34 5
1 year ago 00:37:18 6
1 year ago 00:41:25 5
1 year ago 01:46:13 2
1 year ago 01:12:42 4
1 year ago 00:26:29 1
1 year ago 02:06:46 2
1 year ago 00:54:43 11
1 year ago 02:05:30 1
1 year ago 00:33:44 1
1 year ago 00:27:16 1
1 year ago 00:30:39 0
1 year ago 11:21:04 1
1 year ago 07:22:03 1
1 year ago 01:02:06 17
1 year ago 00:16:21 18
1 year ago 02:09:39 15
2 years ago 00:29:19 2
2 years ago 00:39:17 7
