HackTheBox - Schooled

IppSec
18.1K views - 3 years ago
00:00 - Intro FreeBSD Box
01:08 - Start of nmap, explaining why versions are useful
04:54 - Discovering hostname on the box, then adding it to our host file
07:20 - Using GoBuster to bruteforce virtual hosts and discovering Moodle
08:20 - Searching Moodle on GitHub to find a way to identify Moodle Version
11:27 - Reading the Moodle Security Announcements since the Moodle Version
16:50 - Enrolling in the Math Course, the announcement hints at XSS
18:20 - Testing for XSS in our Moodle Net Profile
19:55 - Changing our HTML to load an external script and then stealing cookies via document.write
26:00 - Performing CVE-2020-14321 to escalate from Teacher to Manager in Moodle
32:20 - Enabling plugin installation, then uploading a malicious Moodle plugin
43:40 - Reverse shell returned
45:50 - Pulling the MySQL Password from Moodle's configuration and then cracking hashes for users
51:10 - SSH as Jamie, and then using GTFOBins and fpm to privesc without setting up a repository
58:40 - Doing the privesc the intended way by setting up a pkg repository
Published 3 years ago, on 1400/06/20.