HackTheBox - ServMon

Published: 20 June 2020
on channel: IppSec

00:00 - Intro
00:50 - Start of NMAP
03:45 - Using SMBClient to search for open shares (None)
04:30 - Checking out the web page, some light fuzzing on login and examining how the language selection works
07:55 - Taking a Screenshot on Parrot and pasting it into Cherry Tree (Shift+PrintScreen)
14:30 - Checking out FTP and downloading the two txt files
16:30 - Viewing port 8443, and realizing this page really hates Firefox. Switch to Chromium
19:05 - Using searchsploit to find there's a directory traversal exploit in NVMS
20:05 - Grabbing Passwords.txt off Nathan's Desktop (filename was an FTP Note)
22:50 - Using CrackMapExec to bruteforce logins for SMB and SSH (SSH already bug fixed in DEV Branch)
26:00 - Logging in with SSH, then looking for WebServer directories
30:20 - Examining the NSClient directory to view the config
33:40 - Using SSH to set up a port forward
35:50 - Lots of flailing around trying to get code execution
44:00 - Enough flailing, box reverted and do a clean run of this exploit
49:00 - Flailing around trying to get Nishang to run... Defender is giving me issues.
59:30 - Giving up with Defender Evasion, switching to nc.exe to get a reverse shell
1:01:20 - Reverse shell returned as System, grabbing root.txt

