HackTheBox - Bizness
00:00 - Introduction
01:00 - Start of nmap
03:00 - Seeing JSESSIONID and NGINX trying the off by slash exploit to get access to /manager, doesn't work here
04:30 - Dirbusting with FFUF because the lack of 404's messed with gobuster
07:40 - Discovering the OfBiz Version, looking for exploits
09:00 - Going over the Authentication Bypass in OfBiz
12:40 - Downloading YSOSERIAL and building a Docker so we don't have to worry about Java Versions
14:30 - Building a ReverseShell Payload that works with YSOSERIAL
18:40 - Reverse shell returned! Looking at OfBiz and finding out it uses the Derby Database
22:30 - Copy the Derby Database then using IJ from Derby-Tools to dump the data
26:40 - The hash in the database is a URL Base64 Encoded, decoding it reveals it has a length of 40 which is normal for Sha1Sum. Decoding it then cracking with hashcat
Watch video HackTheBox - Bizness online, duration hours minute second in high quality that is uploaded to the channel IppSec 25 May 2024. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 15,862 times and liked it 450 visitors.
