HackTheBox - Runner
00:00 - Introduction
01:00 - Start of NMAP
05:00 - Discovering the TeamCity Subdomain, which has a version banner showing it running 129390 and is vulnerable to CVE-2023-42793
07:30 - Exploring the TeamCity Authentication Bypass vulnerability to see why URL's ending in RPC2 don't require authentication
11:30 - Logged in as an administrator on TeamCity creating a Backup, which has a Database Backup and any SSH Keys associated with projects
18:30 - Analyzing the SSH Key to discover the username that generated it and logging into the box
20:50 - Going another route on TeamCity, Enabling Debug Mode than running commands
27:55 - Showing how to get RCE on Linux when you can specify a Binary with only 1 parameter (Using AWK)
31:00 - Shell on the box as John, doing basic enumeration
34:00 - Logged into Portainer as Matthew (cracked password from database dump)
37:50 - Exploiting RUNC by setting the working directory of a container to /proc/self/fd/8, then gaining access to the root filesystem
Смотрите видео HackTheBox - Runner онлайн, длительностью часов минут секунд в хорошем качестве, которое загружено на канал IppSec 24 Август 2024. Делитесь ссылкой на видео в социальных сетях, чтобы ваши подписчики и друзья так же посмотрели это видео. Данный видеоклип посмотрели 10,089 раз и оно понравилось 335 посетителям.
