HackTheBox - ServMon скачать в хорошем качестве

HackTheBox - ServMon

00:00 - Intro 00:50 - Start of NMAP 03:45 - Using SMBClient to search for open shares (None) 04:30 - Checking out the web page, some light fuzzing on login and examining how the language selection works 07:55 - Taking a Screenshot on Parrot and pasting it into Cherry Tree (Shift+PrintScreen) 14:30 - Checking out FTP and downloading the two txt files 16:30 - Viewing port 8443, and realizing this page really hates firefox. Switch to Chromium 19:05 - Using searchsploit to find there's a directory traversal exploit in NVMS 20:05 - Grabbing Passwords.txt off Nathan's Desktop (filename was an FTP Note) 22:50 - Using CrackMapExec to bruteforce logins for SMB and SSH (SSH alread bug fixed in DEV Branch) 26:00 - Logging in with SSH, then looking for WebServer directories 30:20 - Examining the NSClient directory to view the config 33:40 - Using SSH to setup a port forward 35:50 - Lots of flailing around trying to get code execution 44:00 - Enough flailing, box reverted and do a clean run of this exploit 49:00 - Flailing around trying to get Nishang to run... Defender is giving me issues. 59:30 - Giving up with Defender Evasion, switching to nc.exe to get a reverse shell 1:01:20 - Reverse shell returned as System grabbing root.txt