HackTheBox - Chainsaw


01:05 - Beginning recon
02:45 - Downloading and analyzing the files from the anonymous FTP directory
05:00 - Looking into Solidity to see what these files are about
06:30 - The full port scan finished, trying to find out what port 9810 is
07:05 - Recommended reading to understand blockchain fundamentals
08:30 - Begin writing the script to interact with the smart contract
12:50 - Calling the getDomain function, then setting the domain to our IP and seeing the ping
15:30 - Command injection found, getting a reverse shell via bash
17:10 - Checking the source code to see why this worked
19:50 - Looking into what IPFS is (found in administrator's home directory)
21:33 - Running ipfs refs local to list all files
21:50 - Dropping an SSH key so we can get off this reverse shell
23:15 - Writing a loop around ipfs refs local to list all the files, then cat the emails
26:45 - Cracking the SSH key with sshng2john and john
29:27 - Exploiting the ChainsawClub via path injection and the program executing sudo via a non-absolute path
32:40 - Explaining that package managers place things in */local/* directories
33:30 - Writing a loop around dpkg --search to find binaries in the path that the system's package manager doesn't know about
36:11 - Explaining file blocks and slack space
37:25 - Using bmap to extract data out of slack space
39:50 - Exploiting ChainsawClub the intended way by playing with the smart contract
47:00 - Calling setUsername to create ippsec, then setPassword to create a password
51:20 - Running setApprove and transfer to satisfy the other things, then logging into the ChainsawClub

Reviewed by Unknown on November 23, 2019