HackTheBox - Academy

00:00 - Intro
01:30 - Start of nmap
03:00 - Adding academy to our host file, then taking a look at the web page
08:50 - Discovering a weird port (33060), attempting to enumerate it manually
13:15 - Discovering from our gobuster results
14:20 - Playing with having spaces in usernames, then seeing roleid in the parameter
16:30 - Creating and logging in with an admin to see a new vhost
18:00 - Looking for Laravel Exploits, finding a Metasploit module
19:00 - Getting the APP_KEY from the Laravel error page, which is needed for exploitation
19:50 - Using Metasploit to exploit Laravel and send the requests through Burp Suite so we can analyze the exploit
21:30 - Analyzing the exploit, going to CyberChef to decrypt the payload
27:30 - Reverse Shell returned
31:50 - Looking at .env files to get passwords, then failing at logging into the database
33:40 - Creating a list of users on the box
36:10 - Running crackmapexec with users and the password we found
38:45 - R