HackTheBox - Devvortex

Published: 27 April 2024
on channel: IppSec
13,388 views
435 likes

00:00 - Intro
01:00 - Start of nmap
03:45 - Discovering dev.devvortex.htb is a Joomla page, showing JoomScan and enumerating the version manually through manifests
07:00 - Looking for Joomla Exploits for version 4.2.6, discovering a way to view application config as an unauthenticated user
09:40 - Start of deep dive into the exploit, looking at commits on the day the advisory said this was patched
10:50 - Showing the fix just shows it is a mass assignment vulnerability, looking at how this works
17:10 - Showing fuzzing for arguments with ffuf would have caught this
26:18 - Logging into Joomla, then placing a shell in the Joomla Templates
32:15 - Logging into the database, cracking a hash to gain access to another user
35:30 - Taking a look at sudo and discovering apport-cli; GTFOBins comes up with nothing, so looking at the version to discover an exploit in how it uses PAGER

