HackTheBox - Monitors (video uploaded to YouTube)
00:00 - Intro
00:55 - Start of nmap
03:05 - Looking at the website, getting a VirtualHost and then navigating to the page and confirming WordPress
04:25 - The wp-content/plugins directory doesn't have an index, don't even need to use wpscan
06:45 - Testing the LFI with the plugin
10:55 - Using wpscan to enumerate WordPress users
12:20 - Explaining the /proc/ directory and why we can use this to enumerate running processes
13:44 - Creating a curl script to enumerate all running processes on the box
15:15 - Pulling Apache's configuration to discover another virtual host
19:00 - Trying the WordPress credentials in Cacti for password re-use and then exploiting Cacti with a CVE to get a shell
24:00 - Manually enumerating the SQL databases, using \G to select large amounts of data in a human-readable format
29:50 - Discovering the .backup directory in Marcus's home, but we can't list its contents. Grepping directories for .backup to see if any files are referenced
34:25 - SSH with the Marcus user and a quick refresher on SSH port forwarding
36:00 - Using gobuster to discover Apache OFBiz was running on 8443
41:00 - Using ysoserial to exploit Apache OFBiz via Java deserialization
47:50 - Shell returned on the container! We are root; doing some light enumeration to discover cap_sys_module
52:30 - Compiling the LKM to get a reverse shell
55:30 - Inserting the kernel module and getting root on the box