HackTheBox - Sunday


00:48 - Beginning of Nmap, discovery of Finger
03:36 - Enumerating Finger with Finger-User-Enum
05:00 - Nmap'ing all ports quickly by lowering max-retries
08:40 - Adding an old Key Exchange Algorithm to SSH
09:30 - Showing Hydra doesn't work, then using Patator
(Patator also can do Finger Enum! Try it out)
11:19 - Using find to count lines in all wordlist files
14:07 - Logged in with sunny:sunday
14:45 - Grabbing /backup/shadow.backup and cracking sha256crypt with Hashcat
16:46 - Just noticed this box is oooooold, try to privesc with sudo and ShellShock (Fail)
18:53 - Privesc by overwriting the /root/troll binary
== Box Done
23:30 - Using wget to exfil files quickly
24:50 - Viewing what wget --post-file looks like
25:50 - Creating a PHP Script to accept uploaded files
27:30 - Hardening our upload location to prevent executing PHP Files and/or reading what was uploaded
29:10 - Starting a php webserver with php -S (ip):(port) -t .
31:10 - Replacing the root password by changing the shadow file
33:30 - Demoing a way to create directories and upload files!

HackTheBox - Sunday, reviewed by Anonymous on September 29, 2018. Rating: 5