Myvideo

Guest

Login

HackTheBox - Frolic

Uploaded By: Myvideo
23 views
0
0 votes
0

01:16 - Begin of Recon, until around 13 minutes gathering information to avoid rabbit holes 04:04 - Using nc/ncat to verify a port is open (-zv) 11:17 - Doing gobuster across man of the sub directories 13:03 - Examining /admin/ - Examine the HTML Source because login is not sending any data 14:09 - Discover some weird text encoding (Ook), how I went about decoding it 15:44 - Decoded to base64 with some spaces, clean up the base64 and are left with a zip file 19:19 - After cracking the zip, there is another text encoding challenge (BrainF*) 25:11 - With potential information, return to our long running recon for more information 28:49 - Discovering /playsms 32:00 - Reading ExploitDB Articles and then attempting to manuall exploit PlaySMS via uploading a CSV 34:34 - Getting a reverse shell 39:00 - Running 40:00 - Finding the SetUID file: rop 42:00 - Exploiting ROP Program with ret2libc 45:30 - Getting offsets of system, exit, /bin/sh from libc using ldd, read

Share with your friends

Link:

Embed:

Video Size:

Custom size:

x

Add to Playlist:

Favorites
My Playlist
Watch Later