HackTheBox - Waldo

1klneIHECqY/default.jpg

01:15 - Begin of Recon
02:00 - Looking at what Filtered means in Nmap
05:00 - Start of looking at webpage (GoBuster)
06:30 - Manual HTTP Enumeration
09:50 - Start of exploiting with BurpSuite
17:00 - SSH Key Found, logging in with nobody
19:12 - Discovering a second SSH Server
23:36 - Using the same SSH Key to login to the second SSH Server as monitor
24:38 - Escaping rBash by modifying an executable file in our current $PATH
28:13 - Running LinEnum.sh to search for PrivEscs
30:50 - Enabling ThoroughTests in LinEnum to see what else it will check
36:30 - Looking into capabilities permission sin linux
39:00 - Begin of second way to escape rBash and setup a SSH Tunnel for fun

1klneIHECqY/default.jpg
HackTheBox - Waldo HackTheBox - Waldo Reviewed by Anonymous on December 15, 2018 Rating: 5