HackTheBox - Writeup

01:04 - Start of recon, identifying a Debian box based on banners
02:30 - Taking a look at the website, which has warnings about DoS-type attacks
03:17 - Discovering the /writeup/ directory in
04:18 - Checking the HTML source to see if there’s any information about what generated this page. Discovering CMS Made Simple
05:15 - CMS Made Simple is an open-source product. Searching through the source code to find a way to identify version information
07:30 - Using SearchSploit to find an exploit
09:05 - Running the exploit script with a bad URL and triggering the server's anti-DoS protection
10:10 - Running the exploit script with the correct URL and analyzing the HTTP requests it makes via Wireshark to see how the SQL injection works
16:20 - Explaining how password salts work
19:00 - Using Hashcat to crack a salted md5sum
21:15 - Demonstrating the --username flag in hashcat, which allows you to associate cracked passwords with users
24:14 - Beginning of low-priv shell, running LinEnu