HackTheBox - SecNotes

PJXb2pK8K84/default.jpg

01:05 - Begin of recon
02:45 - Checking out the website
03:50 - Using wfuzz to enumerate usernames
05:45 - Logging in with an account we created
07:23 - Checking out Change Password and noticing it does this poorly
09:25 - Using the contact form, to see if tyler will follow links
14:14 - Changing Tyler's password by sending him to the ChangePassword Page
15:00 - Logged in and find SMB Share with credentials.
16:15 - Found a webshare but not sure the directory it executes from. Begin hunting for a different webserver.
17:48 - Port 8808 found via nmap'ing all ports. Creating a php script to gain code execution
19:15 - Downloading netcat for windows to use as a Reverse Shell
21:14 - Playing with Bash on Windows
22:35 - Finding the administrator password in ~/.bash_history
-- Box done
23:45 - Alternate way to find the .bash_history file
25:36 - Unintended way to bypass the CSRF. SQL Injection + bad Static Code analysis

In the Holiday video, I do a bit more that may be helpful with card type attacks
: https://www.youtube.com/watch?v=FvHyt...

PJXb2pK8K84/default.jpg
HackTheBox - SecNotes HackTheBox - SecNotes Reviewed by Anonymous on January 19, 2019 Rating: 5