HackTheBox - Surveillance
00:00 - Introduction
01:00 - Start of nmap
02:45 - Discovering an exploit for Craft CMS, it doesn't work out of the box because of a typo on exploit-db looking into this exploit
06:00 - Walking through the Exploit Script
11:45 - Getting a shell on the box with the script that was on Github
14:45 - Logging into the CraftCMS Database, finding the password
17:30 - There is a backup of the database in the storage directory, which contains an old password for Matthew
22:45 - Linpeas shows us configurations for ZoneMinder, which lets us into another table of the database
25:20 - Setting a port forward so we can access ZoneMinder, then updating the password so we could login (not needed but fun to do)
29:20 - Showing an unauthenticated exploit in ZoneMinder
31:40 - The ZoneMinder user can run zoneminder scripts with sudo
33:30 - Finding a command injection in ZMUPDATE, getting shell as root
42:20 - Showing ZoneMinder lets you set the LD_PRELOAD which is another way to get root
55:50 - Showing the intended way to exploit ZoneMinder to get a shell as the ZM User, authenticated RCE
Watch video HackTheBox - Surveillance online, duration hours minute second in high quality that is uploaded to the channel IppSec 20 April 2024. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 12,621 times and liked it 335 visitors.
