HackTheBox - Writeup, 5 years ago





HackTheBox - Writeup

01:04 - Start of recon, identifying a Debian box based upon banners
02:30 - Taking a look at the website, which has warnings about DoS-type attacks
03:17 - Discovering the /writeup/ directory in robots.txt
04:18 - Checking the HTML source to see if there's any information about what generated this page. Discover CMS Made Simple
05:15 - CMS Made Simple is an open-source product. Search through the source code to discover a way to identify version information
07:30 - Using SearchSploit to find an exploit
09:05 - Running the exploit script with a bad URL and triggering the server's anti-DoS protection
10:10 - Running the exploit script with the correct URL and analyzing the HTTP requests it makes via Wireshark to see how the SQL injection works
16:20 - Explaining how password salts work
19:00 - Using Hashcat to crack a salted md5sum
21:15 - Demonstrating the --username flag in hashcat, which allows you to associate cracked passwords with users
24:14 - Beginning of low-priv shell, running LinEnum to discover we are a member of staff
27:58 - Using Google to see what the staff group can do (edit /usr/local/bin)
28:40 - Explaining path injection
29:40 - Using PSPY to display all the processes that start on Linux, useful for finding crons or short-running processes
31:58 - Running PSPY to see run-parts is called without an absolute path upon user login
33:13 - Performing the relative path injection by creating the file /usr/local/bin/run-parts, which will drop our SSH key
