00:00 - Introduction
00:50 - Start of nmap
02:00 - Discovering the page is Laravel based upon cookies
05:30 - Discovering the SQL Injection in Reset Password, then running SQLMap and screwing up our results because we logged out in the middle of the SQLMap run
18:50 - Cracking the user out of admin_users
20:00 - Logging into admin.usage.htb and discovering Laravel Admin, which is vulnerable to PHP File Upload in the avatar
24:10 - Shell returned on the box
28:30 - Discovering we can run 7z with sudo and the Wildcard Spare Trick will let us read files
Video: HackTheBox - Usage, uploaded to the IppSec channel on 10 August 2024. Viewed 16,202 times; 485 likes.