HackTheBox Sau

>> YOUR LINK HERE: ___ http://youtube.com/watch?v=H6QfYGeGdGQ

00:00 - Intro • 00:40 - Start of nmap • 02:00 - Examining the website, playing with the basket, trying SSTI/SQL Injection special characters • 04:30 - Looking at the settings, discovering we can perform a SSRF and get the response back. Grabbing localhost:80 • 06:10 - The local website runs maltrail 0.53, examining the exploit then manually exploiting it to get a shell • 09:10 - Shell returned, checking if we really needed to encode the payload • 13:00 - When systemctl runs status, it sends us to less which we can escape out of and run as root

#############################

New on site

Bancomer Mexico
Googliness And Leadership Questions
Nemanja Sekulic
Sachin Tendulkar
Llamadas Perdidas Guitarra
Capsule Wardrobe
Menadzer Tatijana Stefanovska
Cortella Podcast
Negotiations Minikit
Cayan Tower Dubai