HackMyVM Klim
http://youtube.com/watch?v=Q5uPuGRaam0
Any action done in the video is for educational purposes only.

Timestamps
• 00:00 - Intro
• 00:20 - Running netdiscover to find the IP of the box
• 00:21 - Start of nmap scan enumerating apache2
• 00:46 - Running gobuster to find directories
• 1:06 - Visiting /wordpress and enumerating WordPress for users and posts
• 2:07 - Running wpscan to enumerate users and brute force the user klim
• 3:19 - Looking under wp-content to find a picture that has stego (really CTF'y)
• 3:50 - Using stegseek to brute force the password and viewing the data dump
• 4:28 - Going to CyberChef to URL decode
• 4:50 - Viewing the log and pwd params, which contain a password for klim
• 5:02 - Using the password found on WordPress
• 5:10 - Getting a successful login as klim!
• 5:13 - Creating a WP plugin and uploading it to WordPress to get RCE
• 7:01 - Getting RCE and we are www-data
• 7:04 - Sending the request through Burp Suite to get a reverse shell
• 8:15 - We got our shell!
• 8:20 - Spawning a TTY shell
• 8:40 - Doing manual enumeration on users under /home and finding an executable
• 8:52 - Finding out we can run the executable as klim with no password
• 9:01 - Enumerating the WordPress config file (wp-config.php) and trying password reuse for the user
• 9:37 - We don't know what the executable is doing, so we use gdb-peda to find what the program is executing
• 11:53 - Creating our own file to see if the executable will use the /usr/bin/cat command to cat our file
• 12:55 - Using the executable to cat out klim's SSH private key
• 13:15 - Setting permissions on the private key and logging in as the user
• 13:43 - Doing manual enumeration and finding an SSH public key for root
• 13:52 - Finding out whether the key was generated by ssh-keygen or openssl
• 14:18 - Looking for an exploit for openssl
• 14:47 - Using wget to get our keys and using tar to extract the keys
• 15:23 - Using wget to get our exploit and running the exploit
• 16:30 - Running our exploit
• 16:46 - The key was found!
• 16:53 - Using the key found to log in as root
• 16:59 - Got root, catting out our root.txt
