HackTheBox - Wall

00:55 - Start of recon 02:30 - Running GoBuster to discover the /monitoring directory 03:50 - Running hydra to try to brute force the HTTP Authentication (Does not work due to it being a secure password) 05:20 - Bypassing the AUTH Request by changing to a POST — Explain why this works later 06:30 - Looking at the Centreon Changelog to look for any exploits 08:10 - There aren’t any unauthenticated exploited, lets brute force a login. The main way uses a CSRF Token. 08:50 - Bypassing the CSRF by using the Centreon API 12:00 - Using wfuzz to brute force the API Login and get admin:Password1 14:15 - Changing the Monitoring Engine Binary under Configure Pollers to get code execution 16:15 - Trying to ping ourselves, find out we can’t use space 17:10 - Using IFS to instead of space 20:11 - Ping worked, trying to do a Reverse Shell 23:50 - The reverse shell didn’t work lets do some debugging 25:55 - Adding a semicolon at the end of the script and getting a reverse shell 26: