HackTheBox - Snoopy

00:00 - Introduction 01:00 - Start of nmap, discovering ssh/dns/http 02:30 - Taking a look at the website 04:00 - Discovering a message about DNS, taking a look at the DNS and discovering zone transfers are enabled 09:40 - Identifying the website is running with PHP Enabled, then running gobuster 13:00 - Attacking the file download and discovering File Disclosure 15:35 - We got lucky discovering the File Disclosure filter bypass, using FFUF which would be make catching this more consistent 19:30 - Automating the File Disclosure by creating a python script 24:30 - Looking at files on the target, discovering the DNS Configuration which has the RNDC Key to update DNS 30:40 - Looking at the NSUPDATE Man page and then adding a the DNS Record and pointing it to us 34:24 - Using python to run a SMTP Server and then having Mattermost's forgot password email us the password reset 39:50 - Using the Mattermost bot to provision a server via SSH which causes it to SSH b