HackTheBox - Holiday


Articles Mentioned:
https://ictf.cs.ucsb.edu/pages/the-20...
https://thehackerblog.com/poisoning-t...

00:46 - NMAP Scan and Review
01:53 - GoBuster and identify User Agent based Routing
04:09 - SQLMap the Login
08:00 - Login to the page
08:55 - Beginning of XSS
11:15 - Bypass first XSS Filter
14:45 - Encoded JS Payload - Getting XSS to call back to us
16:56 - Using Python to encode JS which will call back to us.
24:25 - Executing the payload
25:06 - Stage 2 XSS Attack - XMLHttpRequest
31:30 - Troubleshooting, No code works the first time.
36:00 - Stage 2 Fixed.
40:57 - Initial access to /admin
42:00 - Finding Command Injection
43:40 - Explanation of IP "Encoding"
48:40 - Rev Shell obtained
49:30 - How I found out about the IP Encode Trick
51:40 - Beginning of PrivEsc



Reviewed by Anonymous on January 12, 2018. Rating: 5