- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
HackTheBox - Stratosphere
01:11 - Begin of recon
03:48 - Manually checking the page out
04:30 - Discovering the webserver is java/tomcact
05:35 - Starting up GoBuster / Hydra
09:40 - The Directory /Monitoring was found - Discovering its Struts because of .action
11:00 - Stumbling upon an exploit trying to find out how to enumerate Struts Versions
14:10 - Searching Github for CVE-2017-5638 exploit script, exploiting the box to find out its firewalled off
21:10 - Using a HTTP Forward Shell to get around the strict firewall
# Sokar Video Explaining it: https://www.youtube.com/watch?v=k6ri-LFWEj4
# Inception - Another box where i modify the FWD Shell POC: https://www.youtube.com/watch?v=J2I-5xPgyXk&t=3s
22:40 - Go here if you want to start copying the Forward Shell Script
23:34 - Explaining how it works
25:10 - Explaining the code
31:06 - Forward Shell Returned - Enumerating Database to find creds
37:29 - Examining User.py
40:15 - Privesc: Abusing Python's Path to load a malicious library and sudo user.py
Видео HackTheBox - Stratosphere канала IppSec
03:48 - Manually checking the page out
04:30 - Discovering the webserver is java/tomcact
05:35 - Starting up GoBuster / Hydra
09:40 - The Directory /Monitoring was found - Discovering its Struts because of .action
11:00 - Stumbling upon an exploit trying to find out how to enumerate Struts Versions
14:10 - Searching Github for CVE-2017-5638 exploit script, exploiting the box to find out its firewalled off
21:10 - Using a HTTP Forward Shell to get around the strict firewall
# Sokar Video Explaining it: https://www.youtube.com/watch?v=k6ri-LFWEj4
# Inception - Another box where i modify the FWD Shell POC: https://www.youtube.com/watch?v=J2I-5xPgyXk&t=3s
22:40 - Go here if you want to start copying the Forward Shell Script
23:34 - Explaining how it works
25:10 - Explaining the code
31:06 - Forward Shell Returned - Enumerating Database to find creds
37:29 - Examining User.py
40:15 - Privesc: Abusing Python's Path to load a malicious library and sudo user.py
Видео HackTheBox - Stratosphere канала IppSec
Комментарии отсутствуют
Информация о видео
1 сентября 2018 г. 20:00:04
00:42:18
Другие видео канала
HackTheBox - Flujab
HHC2016 - Analytics
HackTheBox - Resource
HackTheBox - Agile
HHC2016 - Getting Coins
HackTheBox - BlockBlock
HackTheBox - Intuition
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
Golang for Hackers: LDAP Injector - Episode 03 - Error Handling
HackTheBox - Infiltrator
HackTheBox - Freelancer
HHC2016 - Ads
HHC2016 - Terminal Speedrun
HHC2016 - Exception
Playing with Exploits - OMIGod
Looking into the Looney Tunable Linux Privesc CVE-2023-4911
HackTheBox - Chaos
HackTheBox - Travel
HackTheBox - Usage
HackTheBox - Developer
