HackTheBox Academy
http://youtube.com/watch?v=yQl5RA6APyQ
00:00 - Intro
01:30 - Start of nmap
03:00 - Adding academy to our hosts file, then taking a look at the web page
08:50 - Discovering a weird port (33060), attempting to enumerate it manually
13:15 - Discovering admin.php from our gobuster results
14:20 - Playing with having spaces in usernames, then seeing roleid in the parameter
16:30 - Creating and logging in with an admin to see a new vhost
18:00 - Looking for Laravel exploits, finding a Metasploit module
19:00 - Getting the APP_KEY from the Laravel error page, which is needed for exploitation
19:50 - Using Metasploit to exploit Laravel and send the requests through Burp Suite so we can analyze the exploit
21:30 - Analyzing the exploit, going to CyberChef to decrypt the payload
27:30 - Reverse shell returned
31:50 - Looking at .env files to get passwords, then failing at logging into the database
33:40 - Creating a list of users on the box
36:10 - Running crackmapexec with users and the password we found
38:45 - Running LinPEAS
43:40 - We are in the ADM group, so taking a look at /var/log
48:50 - Looking at AuditD logs, then running aureport to get more details
54:30 - Finding mrb3n can run sudo, then doing a simple GTFOBin with composer to get root