HackTheBox - LinkVortex скачать в хорошем качестве

HackTheBox - LinkVortex

00:00 - Introduction 01:00 - Start of nmap 03:00 - Discovering the Forgot Password lets us enumerate valid emails 04:00 - Using ffuf to enumerate subdomains via virtual host 06:55 - Discovering .git on the dev subdomain, using git-dumper to download the repo 08:20 - Discovering cached files in the .git, one of which has a credential 10:08 - Logged into Ghost, finding the version which shows its vulnerable to CVE-2023-40028 12:20 - Manually performing the Ghost File Disclosure exploit 15:00 - Using the public exploit script to leak the ghost config which gives us an SSH Credential 18:15 - Going over the clean_symlink.h script we can run with sudo, which is vulnerable 3 different ways 19:40 - Showing the Command Injection vulnerability, because of how the script did the if/then logic in bash 20:20 - Showing we can bypass the filter by pointing a symlink to another symlink 26:10 - Showing the race condition, where we can change the contents of the symlink after it checks if it is malicious