HackTheBox - Obscurity

00:00 - Intro
01:03 - Quick rant about Security through Obscurity and why it can be good
02:30 - Begin of nmap’ing the box
06:30 - Checking out the webpage, GoBuster giving weird errors, try WFUZZ
12:05 - Taking a deeper look at the website while we have some recon running
17:45 - Wfuzz found nothing hunting for /$directory/
18:00 - Doing some Directory Traversal attempts against the webserver, and seeing it looks like it’s vulnerable
20:50 - Extracting the source code to the webserver by specifying /../
23:30 - Installing VS Code so we can run this webserver and insert breakpoints
28:20 - Creating then running the code in VSCode
36:00 - Exploiting the exec() statement in the WebServer
39:00 - Explaining that we can’t use for spaces in the url, have to do , then testing a reverse shell
45:00 - Reverse shell returned
46:50 - Turns out the intended way is to find the /develop/ directory. Looking into why wf