HackTheBox - Frolic
01:16 - Begin of Recon, until around 13 minutes gathering information to avoid rabbit holes
04:04 - Using nc/ncat to verify a port is open (-zv)
11:17 - Doing gobuster across man of the sub directories
13:03 - Examining /admin/ - Examine the HTML Source because login is not sending any data
14:09 - Discover some weird text encoding (Ook), how I went about decoding it
15:44 - Decoded to base64 with some spaces, clean up the base64 and are left with a zip file
19:19 - After cracking the zip, there is another text encoding challenge (BrainF*)
25:11 - With potential information, return to our long running recon for more information
28:49 - Discovering /playsms
32:00 - Reading ExploitDB Articles and then attempting to manuall exploit PlaySMS via uploading a CSV
34:34 - Getting a reverse shell
39:00 - Running
40:00 - Finding the SetUID file: rop
42:00 - Exploiting ROP Program with ret2libc
45:30 - Getting offsets of system, exit, /bin/sh from libc using ldd, read
5 years ago 00:41:52 21
3 years ago 02:19:39 34
3 years ago 01:35:23 21
1 year ago 02:09:39 15
2 years ago 00:29:22 8
2 years ago 00:29:32 7
4 years ago 00:59:17 7
7 years ago 01:05:10 0
4 years ago 00:33:08 4
4 years ago 00:42:17 5
3 years ago 00:26:05 24
4 years ago 01:02:12 6
7 years ago 01:02:17 0
4 years ago 00:57:06 2
1 year ago 00:26:29 1
6 years ago 04:28:24 7
6 years ago 01:22:36 0
4 years ago 00:16:02 1
3 years ago 00:40:01 31
4 years ago 01:33:24 3
3 years ago 01:28:45 23
4 years ago 01:03:57 3
4 years ago 00:57:33 1
1 year ago 02:06:46 2
