HackTheBox - Crafty
00:00 - Introduction
01:00 - Start of nmap
02:55 - Doing a full nmap scan, then scanning the minecraft ports with scripts to discover minecraft version
04:45 - Discovering this minecraft version is vulnerable to Log4j
06:50 - Extracting Java Version/Class Path/etc via Log4j
10:40 - Using the Log4j Shell POC to get a shell, this reflectively loads a Java Library
13:50 - Getting a reverse shell
15:00 - Discovering plugins on the server, copying the JAR over to our box and decompiling it to discover hardcoded credentials
20:20 - Using PowerShell to run a command as Administrator to get root
Watch video HackTheBox - Crafty online, duration hours minute second in high quality that is uploaded to the channel IppSec 15 June 2024. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 14,520 times and liked it 422 visitors.
