HackTheBox - Olympus

01:30 - Start of recon, explaining nmap's "filtered" result
03:30 - Start of initial DNSRecon, hunting for a domain name
06:04 - Web page enumeration, finding Xdebug in the response header
09:47 - Installing the Xdebug plugin in Chrome to show its use
12:50 - Getting a reverse shell on the first Docker container (Icarus)
15:00 - Setting up nginx to accept files uploaded over HTTP / WebDAV
20:30 - Examining the Wireless Capture from Icarus
21:30 - Cracking WPA with aircrack / hashcat
25:00 - Decrypting WPA traffic in Wireshark
27:50 - Enumerating valid usernames via SSH (CVE-2018-15473)
33:15 - SSH into port 2222 with information from Wireless Capture
34:40 - Domain Name found! Time to do a DNS Zone Transfer
36:15 - Port Knocking to open up port 22
40:05 - PrivEsc to root via being a member of the Docker Group

Reviewed by Anonymous on September 22, 2018