HackTheBox - Sau
- Published on 29 Jun 2024
- 00:00 - Intro
00:40 - Start of nmap
02:00 - Examining the website, playing with the basket, trying SSTI/SQL Injection special characters
04:30 - Looking at the settings, discovering we can perform a SSRF and get the response back. Grabbing localhost:80
06:10 - The local website runs maltrail 0.53, examining the exploit then manually exploiting it to get a shell
09:10 - Shell returned, checking if we really needed to encode the payload
13:00 - When systemctl runs status, it sends us to less which we can escape out of and run as root
Nice walk through! For reading files within `less`, you can use similar syntax to what you had in executing the shell - `!cat `. This will print out the contents of whatever you supply in place of ``. This will work in most things that use pagers, such as `less`, `more`, `vim`, etc. I have no doubt you are aware of this IppSec, I just wanted to be thorough for anyone who reads your comments and wants to learn/understand more.
Happy new year! Thanks for all the amazing videos
Welcome back, Ippsec! Thank you for your content!
Always top notch quality content.
A simple comment to appreciate the content here and leave some love for it. ❤
Happy new year! Pro
Happy new year, Ippy. We missed u
11:40 running systemd trail command with sudo executes root shell
❤❤
Ippsec rocks! 🙂
♥️
💙💙
Tsk, shame I didn't make it through this one.
Push!
sudo. I repeat sudo!!!!
hey ippsec, do you know how much time I need to wait to post a machine writeup?
I posted a video here on YouTube solving Surveillance one week after the original release, when the Insane machine was already released, but HTB deleted it alleging spoiler and copyright
you need to wait until it's retired
Did the nmap scan take you 5 hours to do?
Around 10 min bro
But 5 hours wtf
I didn't understand the ssrf part
I thought you already made a video on this hmm, false memory ig.
♥️♥️
❤
❤❤