HackTheBox - Tabby
00:00 - Intro
00:55 - Start of Nmap
01:25 - Taking a look at the web page
02:40 - Discovering Megahosting.HTB and adding it to /etc/hosts
04:04 - Playing with news.php and explaining the logic of LFI
08:40 - Discovering it is a file_get_contents(), which means we can skip all our "RCE Tests" as it won't execute PHP Code
11:20 - Poking at Tomcat and hunting for its tomcat-users.xml file to use with our LFI on apache2
17:30 - Uploading a JSP Webshell to tomcat with credentials found in tomcat-users.xml
20:20 - Using Curl to upload the JSP webshell.
23:10 - Whoops was uploading to the wrong port and then forgot to convert the JSP to a WAR File
25:38 - Reverse shells having trouble running due to bad characters.
27:55 - Downloading the shell to disk, then executing it in order to avoid special characters
31:15 - Reverse shell returned and TTY fixed. Discovering an encrypted zip file that we crack with John
35:00 - Exploring the Zip file to find there's nothing really interesting
39:00 - Trying the zip password as users on the box and getting a shell as Ash, dropping an SSH key and logging in with ash
42:00 - Running linpeas
43:00 - Discovering user is a member of LXD Group
44:42 - Building an alpine container, then uploading it to the target machine
47:45 - Uploading the alpine container and using lxc to privesc
Comments: 45
"If i can type or if i can talk it will surely help me" -ippsec 2020
I got a good laugh watching you look for tomcat user file when the path was in the text of the default tomcat page on 8080😂
Am now using port 9001, to respect the legend ippsec
" file is pulling some type of file " ippsec - 2020
Simply AWESOME. Thanks 4 all the time U putting 4 these videos!
Really cool to see you struggle the same as me sometimes. I didn't know that cd without arguments goes to HOME as well :D
Respect for this man...What a dedication towards serving the community. my biggest inspiration ..
As always awesome man keep it up
We love u man coz ur awesome
Excellent
My brother you are the best
tomcat-users.xml was in /etc/tomcat9 folder, see 11:36 minute at the bottom of the tomcat default page
i love u dude
Awesome!
Thank you!
Thanks for showing this without Metasploit!
love u
This was good! I loved it sweetheart! 💋💝
U awesome dude
Haven't watched it yet but I do know that the next 52m will be a really exciting one ;)
@tanishbhandwalkar-scarlet-8524
3 years ago
Yeahh It's fun watching him doing it
Thank you
hashcat can crack zips. They added support for cracking zip files.
"See you all next time" was hoping for a possible ropetwo retire next week lel
I would like to know which keyboard you are using. I love the sound! xD
@ippsec
3 years ago
Ducky Zero
@P3droo96
3 years ago
@ippsec thank you so much
awesome :D
05:26 dev: "user input is like uh clicking buttons" user: (browse via burp repeater)
@49:47 “sooo man options! -- sure.” You sound like me @ippsec !
3:50 you go over an issue with dns resolving after modifying the /etc/hosts file. I noticed when I type in a spoofed domain from .htb, I get dropped into a google/duckduckgo search. To get around this, I just add to the beginning of the .htb spoofed domain. Works without clearing cache.
34:05 is the reason that we shouldn't crack things in a VM because it is slow (due to lack of GPU)? Or, is there another reason?
Hello. All works fine until the end. lxc gives me an error of "
Why have you not uploaded a PHP reverse shell?
Around 25:00 your shell wasn't working so you URL encoded it but it didn't look encoded.
46:54 it's doing something hahahahahhahaha
Thanks for making these videos. I said before, maybe it's my age, but I often play your videos at 3/4 speed. Too fast for me.
It's Firefox, I think it's some kind of protection against DNS filters like Pi-hole. That's why personally I hate FF, cuz it's the best browser but has things like this.
why shouldn't you crack passwords in a VM?
@thepinkestmoon
3 years ago
It's just slow
There is a tool "fcrackzip" to crack zip files. I think it can save you some time.
You said you will make a video to clone pwnbox themes into local parrot and never made it Whyyyyyyyyyyyyyyyyyyyyyyyyy
@ippsec
3 years ago
Because videos aren’t my job. I just haven’t found the time to do that.
@ursr78122
3 years ago
@ippsec What does your main job include? Interesting to hear :D