Myvideo

Guest

Login

HackTheBox - Curling

Uploaded By: Myvideo
10 views
0
0 votes
0

01:12 - Begin of Recon 01:55 - Running Cewl to generate a wordlist 02:50 - Finding in the HTML Source, which happens to be the password 03:28 - Runninh JoomScan so we have something running in the background 04:20 - Checking the manifest to get the Joomla Version 06:20 - Explaining what equals mean in base64 07:50 - Begin of hunting for Joomla Username 08:30 - BruteForcing Joomla Login with WFUZZ 10:35 - Troubleshooting by sending wfuzz through burp 12:25 - Turns out the CSRF Token is tied to cookie, adding that to the wfuzz command 17:10 - Success! Logged into Joomla 17:58 - Gaining code execution by modifying a template 20:20 - Getting a reverse shell 23:20 - Finding the file: password_backup which is encoded 23:55 - Extracting password_backup manually with xxd, zcat, bzcat, tar 25:43 - Extracting Password_Backup with CyberChef 27:35 - Logging in with Floris 28:17 - Looking at /home/floris/AdminArea 28:50 - Testing the input file by changi

Share with your friends

Link:

Embed:

Video Size:

Custom size:

x

Add to Playlist:

Favorites
My Playlist
Watch Later