HackTheBox - Admirer
01:15 - Doing nmap quickly by not running scripts to get open ports, then using that output to run scripts.
04:50 - Checking out the webserver, discovering
07:55 - Running gobuster on the admin-dir with the extensions txt and php
11:15 - Finding within that admin-dir
13:15 - Logging into FTP to discover the web directory source
21:30 - Running gobuster again on utility-scripts to discover
24:55 - Going to adminer and trying to login
27:10 - Bypassing adminer authentication by creating a MySQL Database
31:45 - Failing to drop a file in adminer
34:30 - Using LOAD DATA LOCAL to insert a file into our database
38:05 - Uploading the servers to our database and discovering the password
39:00 - SSH into the server with the password found before
41:50 - Sudo allows us to set environment variables, using PYTHONPATH to hijack a python library... Failing to get a rev shell
49:00 - Switching to nc for a revshell and getting a root she
4 months ago 00:10:23 1
7 months ago 00:00:00 1
9 months ago 00:04:06 1
9 months ago 00:32:44 18
9 months ago 00:34:38 2
9 months ago 01:27:34 5
9 months ago 00:37:18 6
9 months ago 00:41:25 5
9 months ago 01:46:13 2
9 months ago 01:12:42 4
9 months ago 00:26:29 1
9 months ago 02:06:46 2
9 months ago 00:54:43 11
9 months ago 02:05:30 1
10 months ago 00:33:44 1
10 months ago 00:27:16 1
10 months ago 00:30:39 1
11 months ago 11:21:04 1
1 year ago 05:30:24 3
1 year ago 01:02:06 17
1 year ago 00:16:21 18
1 year ago 02:09:39 15
1 year ago 00:29:19 2
1 year ago 00:39:17 7
