HackTheBox - Monitored
00:00 - Introduction
01:00 - Start of nmap
02:40 - Examining the webpage, not finding much
05:30 - Checking out SNMP, discovering its open with the default community string. Installing MIBS so we can make sense of the data
08:20 - The process list is in SNMP, explaining how to read this data
12:40 - Grepping interesting processes discovering there's a bash script that has user credentials in arguments! Attempting to log into Nagios with it
14:00 - The SVC Account couldn't log in on the GUI, Looking for how to login via an API
15:45 - Logging into Nagios, discovering it is version 5.11.0 which is vulnerable to a SQL Injection
17:40 - Manually exploiting this Error Based SQL Injection with XPATH
26:45 - Using Burpsuite Intruder to dump the TABLES, then edit the columns in burpsuite to show tables easily
33:40 - The APIKEY is too long to display, using SUBSTRING to grab the APIKEY in multiple requests
35:45 - Finding a way to register a new user with our API KEY and make them an administrator
39:00 - Creating a Nagios Check to send us a shell
41:20 - Showing how to perform the SQL Injection through SQLMap
49:00 - Finding the MySQL Password of Nagios
51:00 - Discovering the Nagios user has a bunch of sudo rules
57:00 - (Root method 1) Exploiting GetProfile through creating a SymLink
59:00 - (Root method 2) Overwriting the Nagios Binary than using Sudo to restart the service to get a root shell
Watch video HackTheBox - Monitored online, duration hours minute second in high quality that is uploaded to the channel IppSec 11 May 2024. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 13,131 times and liked it 374 visitors.
