HackTheBox - Node

Published: 03 March 2018
on channel: IppSec

51,090

553

00:45 - Begin of NMAP
03:00 - GoBuster (Fails)
08:15 - Screw GoBuster, BurpSpider FTW
09:12 - Examing Routes File to find more pages
10:10 - Finding Credentials and downloading backup
14:45 - Cracking the zip with fcrackzip
16:45 - Finding more credentials (SSH) within MongoSource
21:50 - Privesc to Tom User
35:04 - Analyzing Backup Binary File
36:49 - Using strace to find binary password
40:25 - Finding blacklisted characters/words
50:00 - Unintended method one, abusing CWD
52:20 - Unintended method two, wildcards to bypass blacklist
54:45 - Unintended method three, command injection via new line
59:15 - Intended root Buffer Overflow ASLR Brute Force

If you want to see more detail on the ret2libc check out October: • HackTheBox - October

Watch video HackTheBox - Node online, duration hours minute second in high quality that is uploaded to the channel IppSec 03 March 2018. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 51,090 times and liked it 553 visitors.

443