HackTheBox Previse
Video: http://youtube.com/watch?v=LI9mw1rMKVw
00:00 - Intro
01:00 - Start of nmap
02:00 - Running GoBuster, discovering the redirects have filesizes
03:00 - Showing the Execute After Read vulnerability (EAR) by using BurpSuite to hit / and discovering the page
04:00 - Using grep to show us only what we want (oP)
06:30 - Using BurpSuite to intercept the response to the request so we can disable the redirect (EAR). Then using the webform to create an account (IDOR)
08:00 - Examining the website source, using grep to look for places with user input
11:30 - Testing the logs.php page for shell injection, then getting a reverse shell
13:30 - Going into the webconfig to get database creds, then dump and crack creds
19:50 - Testing local users with the passwords from the database to get m4lwhere's creds
20:25 - Checking sudo to see something is weird, the env_reset/secure_path is not there. (this is configured in /etc/sudoers)
22:10 - Explaining Path Injection, then taking advantage of a script in sudo not using absolute paths
25:30 - Going back to explain things, weird behavior of the webserver always hanging. Maybe it was trying to send me a webshell? idk
28:00 - Fuzzing parameters of accounts.php to create accounts. But first discovering how important the Content-Type header is!
30:50 - Using WFUZZ to fuzz the confirmation parameter
35:20 - Explaining how the EAR Vulnerability happened in the code and how to fix it