HackTheBox - CrimeStoppers

bgKth1K44QA/default.jpg

01:18 - Begin of Recon: Getting ubuntu version
04:00 - Navigating to the CrimeStoppers Page
05:15 - First Hint - Read The Source!
05:50 - 2nd Hint - No SQL Databases and playing with the upload form
07:55 - 3rd Hint - Setting Admin cookie to 1 to see whiterose.txt
09:00 - Explanation of PHP App and why I went down testing $op parameter
10:45 - Testing $op parameter, another hint what year is it?
12:20 - Finding out $op appends .php
13:05 - Using php b64 filter to view php files ("Read the source luke")
22:50 - Looking into PHP Wrappers to try to gain code execution
24:50 - Placing our PHP Script in a zip so we can reference it with zip://, also improperly upload it to the server
26:20 - Attempting to use the zip:// wrapper to execute our php script, then troubleshooting the bad upload.
30:30 - Easy way to copy binary data into BurpSuite (Base64)
34:10 - Getting a shell
37:18 - Downloading ThunderBird Directory and reading email + getting dom's password
46:20 - Begin of looking into Apache Rootkit (mod_rootme)
48:04 - Begin of using r2 (Radare) to analyze rootkit, basic intro
50:55 - Analyzing DarkArmy Function
55:30 - Grabbing the strings and using python to XOR them to get secret that allows root
58:35 - Get Root
##### BOX DONE
59:10 - Potential rabbit hole in the binary /var/www/html/whiterose.txt in the binary
01:04:20 - Second way to get root, looking around at file modification times to find FunSociety in logs

bgKth1K44QA/default.jpg
HackTheBox - CrimeStoppers HackTheBox - CrimeStoppers Reviewed by Unknown on June 02, 2018 Rating: 5