Myvideo

Guest

Login

HackTheBox - Analytics

Uploaded By: Myvideo
18 views
0
0 votes
0

0:00 - Introduction 01:00 - Start of nmap 03:20 - Discovering Metabase, noticing the HTTP Headers are different. Checking TTL just to see if it decrements from the main web page. 07:00 - Searching for an exploit for metabase, then enumerating version 09:30 - Manually exploiting Metabase by pulling the setup-token, then getting injection on the /setup/validate endpoint through the JDBC Driver 15:50 - Reverse shell returned 18:30 - Discovering credentials in the environment variables, then ssh into the box 20:12 - Googling the kernel to discover its vulnerable to GameOverlay 24:00 - Explaining the gameoverlay exploit (CVE-2023-23640, CVE-2023-32629) 25:50 - Stepping through the exploit manually to understand how the overlay fs works, and what the exploit did to abuse it 28:10 - Looking into the permissions of the binaries that were created

Share with your friends

Link:

Embed:

Video Size:

Custom size:

x

Add to Playlist:

Favorites
My Playlist
Watch Later