HackTheBox - Analytics
ฝัง
- เผยแพร่เมื่อ 26 มิ.ย. 2024
- 0:00 - Introduction
01:00 - Start of nmap
03:20 - Discovering Metabase, noticing the HTTP Headers are different. Checking TTL just to see if it decrements from the main web page.
07:00 - Searching for an exploit for metabase, then enumerating version
09:30 - Manually exploiting Metabase by pulling the setup-token, then getting injection on the /setup/validate endpoint through the JDBC Driver
15:50 - Reverse shell returned
18:30 - Discovering credentials in the environment variables, then ssh into the box
20:12 - Googling the kernel to discover its vulnerable to GameOverlay
24:00 - Explaining the gameoverlay exploit (CVE-2023-23640, CVE-2023-32629)
25:50 - Stepping through the exploit manually to understand how the overlay fs works, and what the exploit did to abuse it
28:10 - Looking into the permissions of the binaries that were created
"womp womp" 😂😂
Great video, I appreciate the breakdown of the gameoverlay exploit
Amazing as usual😊
Great as always
Nice video!
"and its banner tells us its an Ubuntu server"
This can take some time to run so I have already ran it, looking at the results, we just two ports open, the first one being SSH on port 22 ...
Its pretty iconic at this point lol
Push!
Hey Ipp, are you friends with Little Bobby Tables?
Great vid. Hey Ipp, could you do the walkthrough for P.O.O Endgame. I would appreciate it.
Sir how can i make videos like you without being demonetized or getting a channel strike
As long as you’re not copyrighting, teaching people to do things for nefarious purposes, or breaking common TOS rules, you should be fine. This falls under educational content
@@denic6861 Thank you
!!!