00:00 - Intro 00:54 - Start of nmap 02:00 - Taking a look at the website 10:00 - Running gobuster against and discovering a vendor directory that has phpunit 11:45- Exploiting phpunit to get a shell on the box 15:15 - Shell recieved on the box as www-data 17:20 - Looking for files owned by www-data on the box by using find to discover /var/backups/info 19:30 - Running strings against the /var/backups/info file and discovering a hex string that is a shell script. Using CyberChef to decode it and gain access to steven 25:00 - ssh in as steven, talking about the duplicate users as steven and steven1 have the said uid/gid 27:00 - Talking about timestamps, my favorite way to find tools left behind by hackers 28:15 - Using find -type f -printf “%T %p “to show the full time stamp for files 30:45 - Using find to find files that were created 00:00:00, which is an indication of time stomping. Discovering a backdoored copy of sshd 33:40 - Running the
Hide player controls
Hide resume playing