HackTheBox - Safe
00:40 - Begin of nmap
02:31 - Discovering MyApp in the HTML Source
03:30 - Examining MyApp on port 1337
05:30 - Opening myapp up in Ghidra
07:20 - Testing out the buffer overflow
08:40 - Using pattern search to see where we can overwrite RSP
10:15 - Create a PwnTool Skeleton and having it call main instead of crashing
12:30 - Testing calling main (error: need to do recvline to send text)
13:50 - Explaining hijacking the SYSTEM() call
17:11 - Finding a way to put user input into RDI
17:30 - Examining the Test Function which places RSP to RDI
19:50 - Finding a pop r13 as the Test Function jumps to r13
23:30 - Putting the gadget togather for code execution
27:00 - Setting pwntools to exploit the remote host
28:30 - Shell on the box
29:15 - Dropping SSH Key to get a normal shell and copying keepass files
31:40 - Using keepass2john to create hashes to crack
35:00 - Cracking keepass hashes with hashcat
37:50 - Using kpcli to export the root password
39:20 -
3 months ago 00:10:23 1
6 months ago 00:00:00 1
7 months ago 00:04:06 1
8 months ago 00:32:44 18
8 months ago 00:34:38 2
8 months ago 01:27:34 5
8 months ago 00:37:18 6
8 months ago 00:41:25 5
8 months ago 01:46:13 2
8 months ago 01:12:42 4
8 months ago 00:26:29 1
8 months ago 02:06:46 2
8 months ago 00:54:43 11
8 months ago 02:05:30 1
8 months ago 00:33:44 1
9 months ago 00:27:16 1
9 months ago 00:30:39 1
10 months ago 11:21:04 1
11 months ago 05:30:24 3
11 months ago 01:02:06 16
11 months ago 00:16:21 18
11 months ago 02:09:39 15
12 months ago 00:29:19 2
1 year ago 00:39:17 7
