HackTheBox - Reddish

Yp4oxoQIBAM/default.jpg

00:55 - Begin of Recon (Port Scans)
04:09 - Reverse Image Searching an favicon to get application used
08:20 - NODE-RED: Reverse Shell Returned
15:30 - NODE-RED: Running IP and Port Scans to identify lateral movement targets
24:29 - Downloading Chisel (Go Program for Tunnels).
25:00 - Shrinking Go Programs by using ldflags and upx packing from 10Mb to 3Mb!
27:00 - PowerPoint: Explaining Reverse Pivot Tunnel using Chisel
31:25 - WWW: Tunnel online, examining the website
34:23 - Full Port Scan to 172.19.0.2, discover REDIS
36:30 - Searching for ways to execute code against REDIS
38:07 - Using REDIS to create a PHP Shell
41:06 - PowerPoint: Explaining Local Pivot Tunnel using Chisel
44:30 - WWW: Reverse Shell Returned
45:45 - Notice wildcard used with RSYNC, go search GTFOBins
51:32 - Abusing the wildcard within RSYNC
57:23 - WWW: Got Root, but no flag... Lets go look at RSYNC again.
01:00:15 - Explaining how to tunnel from Backup - WWW - NODE-RED - Kali
01:17:50 - Getting reverse shell on BACKUP via uploading CronJob through rsync
01:20:30 - BACKUP: Reverse Shell Returned... No root.txt here either!?
01:26:30 - BACKUP: Noticing this is has /dev/sda*, where other dockers do not
01:28:15 - BACKUP: Dropping a cronjob on root disk to get shell on the host
01:30:45 - ExtraContent: PowerPoint Reverse SOCKS5 Proxy with Chisel

Yp4oxoQIBAM/default.jpg
HackTheBox - Reddish HackTheBox - Reddish Reviewed by Unknown on January 26, 2019 Rating: 5