HackTheBox - Kryptos


00:45 - Begin of Recon
02:50 - Examining login request while GoBuster runs
05:35 - Noticing weird behavior by modifying db parameter in login request
07:30 - Finding what the Error numbers mean. (SQL Error Codes)
08:50 - Testing if we can trick the application into authentication against us
09:50 - Starting up metasploit to steal the login hash of a MYSQL Login
12:30 - Cracking the MySQL Hash with Hashcat
16:45 - Creating a databse locally for the application to authenticate to
23:00 - Examining what MySQL Does after authentication in Wireshark
24:30 - Creating the database structure so the application will authenticate against our database
27:00 - Begin of the File Encryptor PHP App
27:30 - Performing a Known Plaintext attack against the RC4 Encryption
28:50 - Explaining the Known Plaintext
37:00 - Creating a Python Script to perform a SSRF attack and decrypt content
54:25 - Script done, discovering a LFI Exploit in /dev/
57:30 - Using PHP Filters to convert LFI to source code disclosure
59:50 - Extracting sqlite_test_page.php source code
01:01:00 - Manually analyzing the source code to discover a way to write files
01:03:00 - Checking PayloadAllTheThings to get a payload for dropping files
01:15:38 - Testing dropping a php script for code execution
01:18:00 - Using Chankro to bypass PHP Disabled functions
01:20:45 - Creating a PHP Script to download Chankro Script to avoid bad characters in the RCE
01:24:50 - Reverse shell returned, finding a VIMCrypted file in Rijndael Home
01:25:35 - Decrypting Creds.txt with a known plaintext attack in VimCrypt 02 (Blowfish)
01:28:20 - Downloading the files to our local box and explaining the attack
01:30:30 - Copying our Python Script from earlier and modify it to work with our VIM File
01:38:20 - Decrypted the creds and use them to SSH
01:39:10 - Analyzing the kryptos.py file
01:41:00 - Testing how random the random is
01:46:00 - Creating a python script to bruteforce the key as we know the randomness is broken
01:57:00 - Script to brute force signing key done
01:58:45 - Getting code execution within the eval statement
02:04:30 - Extra content, showing by using the encrypt method twice early on — you can decrypt pages

HackTheBox - Kryptos HackTheBox - Kryptos Reviewed by Anonymous on September 21, 2019 Rating: 5