HackTheBox - Phoenix
00:00 - Intro
01:00 - Start of nmap
02:22 - Taking a look at the SSL Certificates and website to find blog/forum
04:57 - Running WPScan, explaining why i like aggressive scanning
09:00 - Finding public vulnerability in Asgaros Forms (Blind Time Based SQLi)
10:45 - Running SQLMap to confirm the injection
21:00 - Examining the Wordpress Database structure, so we can run SQLMap to dump very specific things
25:20 - Cracking wordpress credentials to find out we can’t use any because of MFA
30:10 - Using our SQL Injection to dump a list of activated plugins in wordpress
32:00 - Finding an exploit in the Download From Files plugin, converting it to ignore SSL Validation Errors
35:45 - Uploading a malicious phtml (php) file to get a shell on the box
41:00 - Examining how MFA is enabled on SSH/SU by looking at PAM files
42:10 - Discovering the network can bypass MFA, which our host is on.
45:10 - Using find to show files created between two dates
48:20 - Discov
2 months ago 00:10:23 1
5 months ago 00:00:00 1
7 months ago 00:04:06 1
7 months ago 00:32:44 18
7 months ago 00:34:38 2
7 months ago 01:27:34 5
7 months ago 00:37:18 6
7 months ago 00:41:25 5
7 months ago 01:46:13 2
7 months ago 01:12:42 4
7 months ago 00:26:29 1
7 months ago 02:06:46 2
7 months ago 00:54:43 11
7 months ago 02:05:30 1
8 months ago 00:33:44 1
8 months ago 00:27:16 1
8 months ago 00:30:39 1
9 months ago 11:21:04 1
10 months ago 05:30:24 3
11 months ago 01:02:06 16
11 months ago 00:16:21 18
11 months ago 02:09:39 15
11 months ago 00:29:19 2
12 months ago 00:39:17 7
