HackTheBox - MonitorsFour

IppSec · Beginner ·☁️ DevOps & Cloud ·1mo ago

Key Takeaways

Demonstrates a cybersecurity challenge using HackTheBox's MonitorsFour

Original Description

00:00 - Introduction 00:57 - Start of nmap 03:20 - Looking at the webpage doing basic enumeration 05:30 - Talking about Orange Tsai Worst Fit -- Doesn't get us anything but a path i went down first 09:50 - Discovering the /user endpoint, fuzzing the token parameter discovering type juggling, cracking hashes 14:40 - Logging into the application, which seems like an odd static page 18:00 - Discovering the Cacti Domain, Logging in and showing we can enumerate if a user is valid or not by a timing attack 23:50 - Exploting CVE-2025-24367 , which lets us create php files on the target 28:40 - Creating the payload to drop the file to get RCE 36:00 - Shell returned. 38:10 - Using bash to be a basic port scanner, then dumping the database 45:00 - Manually exploiting CVE-2025-9074, talking to Docker over HTTP to create a container that mounts the host operating system in a container then reading the flag 55:00 - Getting code execution on the host by looking at scheduled tasks and changing a powershell script that runs every 3 minutes
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Related Reads

📰
How to Undo git reset — hard and Recover Lost Commits
Learn how to recover lost commits after a git reset --hard using reflog and ORIG_HEAD
Medium · DevOps
📰
️ Init Containers Explained: Preparing Applications Before Startup
Learn how Init Containers prepare applications before startup in Kubernetes and why it matters for reliable deployments
Medium · DevOps
📰
Stop Writing Terraform Like It’s a Script: Build It Like a Software Project
Improve your Terraform projects by adopting software development best practices for project structure
Medium · DevOps
📰
Our Docker Bridge Ran Out of IPs. New Containers Couldn’t Connect for 4 Hours.
Learn how to avoid Docker bridge IP exhaustion by configuring default-address-pools and understanding subnet limitations
Medium · Programming

Chapters (13)

Introduction
0:57 Start of nmap
3:20 Looking at the webpage doing basic enumeration
5:30 Talking about Orange Tsai Worst Fit -- Doesn't get us anything but a path i we
9:50 Discovering the /user endpoint, fuzzing the token parameter discovering type j
14:40 Logging into the application, which seems like an odd static page
18:00 Discovering the Cacti Domain, Logging in and showing we can enumerate if a use
23:50 Exploting CVE-2025-24367 , which lets us create php files on the target
28:40 Creating the payload to drop the file to get RCE
36:00 Shell returned.
38:10 Using bash to be a basic port scanner, then dumping the database
45:00 Manually exploiting CVE-2025-9074, talking to Docker over HTTP to create a con
55:00 Getting code execution on the host by looking at scheduled tasks and changing
Up next
AWS, Azure, GCP: The One Thing Every Business Gets Wrong
AI Daily
Watch →