00:50 - Beginning of Recon, discovering hostname in SSL Certificate
05:10 - Running GoBuster against Registry.htb and Docker.Registry.htb to discover CA Certificate in /install/
09:00 - /v2/ on Docker.Registry.HTB requires login, guessing admin:admin and then looking into the Docker Registry API
12:30 - Manually downloading a Blob off the Registry and extracting it to reveal files
15:50 - A slightly more elegant way to do this: configure Docker to use this registry by adding the CA to our Docker SSL Cert Store, then download the Bolt-Image Container
20:40 - Discovering an Encrypted SSH Key on the container
22:30 - Explaining SSH Config Files
24:00 - Using find to show files modified between two dates to discover a file with the SSH Key Password
28:15 - Using more forensic artifacts (viminfo) to discover the file with SSH Key Password
32:40 - Checking /var/www/html to discover the Web User can probably use sudo with restic. Try to get a shell as www-data
36:30 - Checking out Bolt CMS Exploits to discover an authenticated RCE
40:20 - Downloading the bolt SQLite database then viewing the contents and cracking the admin password
42:45 - Identifying the algorithm bolt uses to hash passwords
46:00 - Exploiting Bolt by editing the config to allow PHP Files and then uploading a webshell
50:00 - Could not get a reverse shell, checking iptables rules to see that iptables blocks packets initiating a connection on OUTBOUND. Switching to localhost for reverse shell
55:00 - Setting up a Reverse SSH Tunnel to forward 127.0.0.1:8000 to our box, so Restic can talk to us
57:30 - Setting up a Restic Server on our box
1:02:00 - Using Restic to download /root and get the Root SSH Key to login to the box
Video: HackTheBox - Registry, uploaded to the IppSec channel on 04 April 2020. The video has been viewed 21,181 times and liked by 463 visitors.