HackTheBox - Ariekei


00:23 - Explaining VM Layout
01:47 - Nmap Start
05:20 - Poking at Virtual Host Routing (Beehive & Calvin)
10:25 - Fixing GoBuster to find /cgi-bin/
11:48 - Enumerating WAF (Web Application Firewall), to see how it detects Shellshock
15:08 - Using VirtualHostRouting to navigate to Calvin.htb.htb
18:15 - Using ImageTragick to exploit Calvin
25:30 - Calvin Reverse shell returned
31:35 - Poking at /common, which allows pivot to Bastion Host
34:20 - SSH into the Bastion Host
38:45 - Explain SSH Local and Remote Port Forwarding
46:00 - Beehive Reverse Shell Returned
50:00 - Finding the root password via /common/containers/bastion-live/Dockerfile
54:50 - PrivEsc via Docker (much like the LXC shown in Calamity)
57:05 - Getting root access to filesystem
==== BOX DONE.
58:10 - Failing to get root shell via Crontab
01:06:20 - Yeah screw crontab, let's just create an ssh key.

Reviewed by Anonymous on April 21, 2018. Rating: 5