Myvideo

Guest

Login

HackTheBox - CozyHosting

Uploaded By: Myvideo
6 views
0
0 votes
0

00:00 - Introduction 01:00 - Start of nmap 03:10 - Identify JSESSIONID with nginx, but nginx appears to be configured correctly 06:00 - Googling the error message to identify the page uses SpringBoot, using a SpringBoot wordlist to find actuators! 10:30 - Using the Sessions Actuator and seeing a session for kanderson, logging in to get to the admin interface 14:15 - Finding RCE in the ExecSSH Page 23:20 - Shell on CozyHosting, looking at running services 26:00 - Examining the CozyHosting Jar to identify PostGres credentials then dumping the users table and cracking hashes 33:00 - Josh can run SSH with sudo, using proxy command to get root 34:10 - Explaining what ProxyCommand is

Share with your friends

Link:

Embed:

Video Size:

Custom size:

x

Add to Playlist:

Favorites
My Playlist
Watch Later