HackTheBox - Bucket

Published: 24 April 2021
on channel: IppSec
Views: 21,115
Likes: 644

00:00 - Intro
00:57 - Start of nmap, discovering the HTTP site bucket.htb
03:30 - Poking at the website, using the developer console to discover s3.bucket.htb
05:00 - Using curl to view HTTP headers and discovering Amazon
05:30 - Oh god... I forgot to edit the URL in this gobuster! Actually created a feature request in GoBuster to keep this mistake from happening.
05:45 - Installing AWS CLI
06:30 - Using the AWS CLI to connect to a custom endpoint, then configuring credentials
07:30 - Exploring the S3 Bucket
09:25 - Using S3 to add a reverse shell to the website
11:15 - Reverse Shell returned, spending some time to start taking notes.
16:30 - End of notes, poking around on the terminal to find
19:00 - Discovering some weird ports, checking the apache configuration to see if they are related
20:55 - The Apache mpm_itk_module specifies the site is running as root and not www-data
23:50 - Poking at DynamoDB to get user credentials
26:10 - Doing some jq fu to get exactly the information we want and building a username/password list
30:00 - Explaining extended file attributes and using getfacl to see that Roy can access bucket-app
33:30 - Exploring the bucket-app to see it pull information from DynamoDB to build PDFs
35:05 - Using Flameshot to explain exactly what is happening in the code
40:00 - Looking at pd4ml (the library used to make the PDF) to see that we can attach a file
41:45 - Doing a port forward to forward port 8000 back to our box
43:00 - Creating the alerts table in DynamoDB
45:50 - Creating the JSON document we want to insert into the alerts table
48:10 - Using aws dynamodb put-item to put the document into the table
49:50 - Creating the PDF and pulling /etc/passwd from the server
52:00 - Because this is Java, if we fopen a directory we get a listing, discovering .ssh
53:00 - Pulling the SSH Key
54:22 - Exploring our notes to see what else we wanted to do
56:20 - Showing off the timeline plugin in Obsidian
