
Hack The Box Hacking Battlegrounds - Cyber Mayhem Gameplay with Ippsec

Let's play Cyber Mayhem! ⚔️
Watch this awesome video by Ippsec playing #HBG, explaining everything you need to know about this new way of playing and learning via #HTB.

HBG streaming is not allowed currently, but stay tuned as cool updates are coming up! Currently, we are in Early Beta, so battles are available for VIP and VIP+ players.

Play Hacking Battlegrounds here: https://app.hackthebox.eu/battlegrounds/lobby
Read more info about HBG: https://www.hackthebox.eu/press/hacking-battlegrounds

HBG is here! Get Ready, Set, PWN! 🏁

00:00 - Introduction
01:43 - Logging into Battlegrounds
04:30 - Going over my current workflow/setup.
06:25 - My Start Battlegrounds script, just setting up a WWW Directory with my IP Address.
07:20 - Going over a script I use to quickly SSH into the defending castles.
08:15 - The Get Flags script, which just SSH's into machines and cats flags.
09:10 - Going over Metasploit.
10:10 - Setting up BurpSuite to only intercept traffic to the castles.
11:50 - Doing a dry run of setting up my scripts, while I wait for a queue.
13:15 - Showing my favorite incident response command, ps -aef --forest.
13:45 - Going into a process's /proc/ directory to look at its current working directory.
16:15 - Match Found! Going into the lobby and downloading an OpenVPN Key.
17:50 - Match Started, setting up the battleground script and going to each castle, then pressing: Ctrl+Shift+R
18:50 - Assigning a box to myself to notify the team I'm working a box and logging into the blue box.
19:25 - Intercepting a login request, seeing this is XML, trying XML Entity Injection.
20:50 - Grabbing the SSH Key for Olivia and logging in.
22:20 - Discovering how to patch this vulnerability and validating our patch (libxml_disable_entity_loader).
23:40 - Finding Olivia's password, running sudo and seeing there are a few GTFOBins to privesc
24:50 - Running SYSCTL to dump the root's SSH Key and logging into the box.
26:30 - Doing some light Incident Response on our box to hunt for revshells. I missed a shell here! Metasploit can be found at PID 3437...
28:40 - Starting a TCPDump and then logging into the other castles.
31:00 - Finally found the reverse shell on our box! Checking the current working directories.
32:10 - Grabbing the IP Address of the shell to look at HTTP Access Log. Still don't really see any malicious HTTP Requests.
35:50 - Incorrectly killing the process, then running TCPDump.
38:30 - Killing their shell for real this time.
39:50 - A different box got owned, finding a reverse shell.
42:00 - Tobu keeps getting a flag on another box but has no shell, doing some incident response to find out what happened.
43:00 - Checking a theory on how to access the flag (LFI with file:///etc/passwd). Then doing a bad/hacky patch to prevent the flag from being passed into the parameter.
47:00 - Doing a bad job analyzing that TCPDUMP we captured earlier with Wireshark.
51:15 - Examining the HTTP Headers to /blog, to discover an Xdebug header, checking the exploit in Metasploit.
52:49 - Doing some IR against our meterpreter session. Seeing how well it stays hidden prior to running a shell.
54:30 - Disabling Xdebug. 😎⚔️🎮🏁

Video: Hack The Box Hacking Battlegrounds - Cyber Mayhem Gameplay with Ippsec, from the Hack The Box channel
Video information
October 22, 2020, 18:37:43
00:56:33