HackTheBox - Devvortex
00:00 - Intro
01:00 - Start of nmap
03:45 - Discovering dev.devvortex.htb is a Joomla Page, showing JoomScan and enumerating version manually through manifests
07:00 - Looking for Joomla Exploits for version 4.2.6, discovering a way to view application config as an unauthenticated user
09:40 - Start of deep dive into the exploit, looking at commits on the day the advisory said this was patched
10:50 - Showing the fix just shows it is a mass assignment vulnerability, looking at how this works
17:10 - Showing fuzzing for arguments with ffuf would have caught this
26:18 - Logging into Joomla, then placing a shell in the Joomla Templates
32:15 - Logging into the database, cracking a hash to gain access to another user
35:30 - Taking a look at sudo discovering apport-cli, gtfobins comes up with nothing, looking at the version to discover an exploit within how it uses PAGER
Comments: 28
I just love your content
If ippsec is confuse, then everyone is confuse.
@elcapitanodeltimbuktu1O1sir
16 days ago
😂
Awesome video as always! Looking forward to the next one :)
Started watching ippsec since popcorn
@elcapitanodeltimbuktu1O1sir
22 days ago
I'm From 6 Year Ago Don't Remember What Exactly I Watched 😅
Thanks for the knowledge!
Hey Lois, remember the time I became IppSec and recorded a video for HackTheBox? 0:00
Thank you very much! Please do more!!! Subscribed already.
I loved this, as usual
How long does it take you to do an easy box on average?
Hi there! I love your videos, and I recently started doing HackTheBox CTFs with free plan. But unlike other platforms, I face some issues when connecting to the machines. I use my Kali Linux VM to connect to the machines with a VPN, but the latency is so large that I can't even properly do some basic recon. Is there anything I can do to resolve this? I'm having a hard time using the machine because of the latency. I tried different regions and both the UDP and TCP protocols for the VPN file, but there was no change. Am I missing something, or is there anything I can do to resolve this? Oh, BTW, I'm from India.
hail to the king
I wonder if the fix can be bypassed by encoding the 'public' GET parameter
Hi ippsec, how do you get a fully interactive powershell reverse shell?
😊😊
Push!
Please make video for Usage machine
Please hacking Environment setup video with Parrot HTB
@0xazyz897
23 days ago
he already made a video about that
how does he split the terminal?
@user-sx5to6xl4g
22 days ago
he uses tmux - He got an entire video dedicated to tmux where he explains how to split the terminal using it.
you inspire me so much to create my own channel
But where is the root flag?
PHP sees everything you put in ?public as a string. So "false" and "0" is not false and 0 😊