HackTheBox - Doctor скачать в хорошем качестве

HackTheBox - Doctor

00:00 - Intro 00:57 - Start of Nmap 01:40 - Poking at the website and doing Gobuster/SQLMap In the BG 07:50 - Registering an account and enumerating the new features, looking for XSS 08:30 - Testing if the box will click links, discovering Curl reaches back to us 11:20 - Finding command injection in the URL, finding a way to execute commands with spaces 13:37 - Brace expansion isn't working, but IFS allows us bypass space being a bad character 15:30 - Trying to get a reverse shell but failing due to bad characters 18:47 - Using Curl to download a rev shell script and then execute it in order to avoid bad characters 22:00 - Transfering site.db to our box, so we can view the contents and attemp to crack the admins password 29:40 - Finding out we are part of the ADM Group and can read logs! Log contains a password 33:50 - Checking the Splunk Version and looking for exploits 34:55 - Didn't see anything in SearchSploit googling for an exploit then getting root 38:22 - Unintended: Exploring the SSTI Vulnerability 39:45 - Using Basic SSTI to identify what framework the website is using 42:20 - Creating an SSTI Jinja2 Reverse Shell payload and getting a shell 45:00 - Exploring the CURL Vulnerability 47:00 - Deep dive into the SSTI Vulnerability and patching it