HackTheBox - Bucket

Опубликовано: 24 Апрель 2021
на канале: IppSec

21,115

644

00:00 - Intro
00:57 - Start of nmap discovering the HTTP Site bucket.htb
03:30 - Poking at the website, using the developer console to discover s3.bucket.htb
05:00 - Using curl to view HTTP Headers and discovering amazon
05:30 - Oh god... I forgot to edit the URL in this gobuster! Actually created a feature request in GoBuster to fix this mistake from happening.
05:45 - Installing AWS CLI
06:30 - Using the aws to connect to a custom endpoint, then configure credentials
07:30 - Exploring the S3 Bucket
09:25 - Using S3 to add a reverse shell to the website
11:15 - Reverse Shell returned, spending some time to start taking notes.
16:30 - End of notes, poking around on the terminal to find
19:00 - Discovering some weird ports, checking the apache configuration to see if they are related
20:55 - The Apache mpm_itk_module specifies the site is running as root and not www-data
23:50 - Poking at DynamoDB to get user credentials
26:10 - Doing some jq fu to get exactly the information we want and building a username/password list
30:00 - Explaining extended file attributes and using getfacl to see Roy can access bucket-app
33:30 - Exploring the bucket-app to see it pull information from DynamoDB to build PDF's
35:05 - Using Flameshot to explain exactly what is happening in the code
40:00 - Looking at pd4ml (library used to make PDF) to see we can attach a file
41:45 - Doing a port forward to forward port 8000 back to our box
43:00 - Creating the alerts table in DynamoDB
45:50 - Creating the JSON Document we want to insert into the alert table
48:10 - Using AWS dynamodb --put-item to put the document into the table
49:50 - Creating the PDF and pulling /etc/passwd from the server
52:00 - Because this is java if we fopen a directory, we get a listing, discovering .ssh
53:00 - Pulling the SSH Key
54:22 - Exploring our notes to see what else we wanted to do
56:20 - Showing off the timeline plugin in obsidian

Смотрите видео HackTheBox - Bucket онлайн, длительностью часов минут секунд в хорошем качестве, которое загружено на канал IppSec 24 Апрель 2021. Делитесь ссылкой на видео в социальных сетях, чтобы ваши подписчики и друзья так же посмотрели это видео. Данный видеоклип посмотрели 21,115 раз и оно понравилось 644 посетителям.

443