00:00 - Introduction
01:05 - Start of nmap
03:00 - Googling the port number, and reading more about gRPC
04:45 - Install GRPCurl so we can access the gRPC interface
06:30 - Enumerating the gRPC interface
10:30 - Registering a user and logging in
13:45 - Using Verbose with GRPCurl to get extra information, which includes a JWT
16:20 - Discovering an SQL injection in SimpleApp.GetInfo, enumerating the database to discover it is SQLite
19:45 - Enumerating the SQLite database (similar to Information_schema with MySQL)
21:45 - Using Group_Concat with a union injection to dump all users and passwords, then SSH into the box
24:45 - Discovering PyLoad is running on localhost, setting up an SSH Tunnel to access it
26:00 - Finding a public POC and running it to exploit PyLoad
Video: HackTheBox - PC, uploaded to the IppSec channel on 07 October 2023. Viewed 14,277 times, with 482 likes.