HackTheBox - Moderators

00:00 - Intro 01:05 - Start of nmap, then going over the website 03:30 - Examining all the pages on the blog 04:40 - Looking at the report parameter, doing some light testing for SQL Injection before moving on to IDOR 07:00 - Using ffuf to bruteforce all reports matching upon a word (phrase) on the page 11:00 - Attempting to figure out if the md5sum in the logs URL is random by submitting the hash to crackstation 13:00 - Discovering a file upload vulnerability, faking a PDF and uploading a PHP Shell 18:25 - When using a PHP Shell System() commands don't work. Uploading PHPInfo to view disabled functions and seeing System is blocked 21:00 - Getting code execution through Popen() which wasn't blacklisted 24:30 - Reverse shell returned 26:55 - Discovering another webserver is running on localhost, turns out to be Wordpress 29:50 - Exploiting the wordpress plugin BrandFolder to get a shell as Lexi 35:00 - Lexi has an SSH Key, using SSH to access the server and then sett