HackTheBox - MonitorsFour

IppSec · Beginner ·☁️ DevOps & Cloud ·1mo ago

Key Takeaways

Demonstrates a cybersecurity challenge using HackTheBox's MonitorsFour

Original Description

00:00 - Introduction 00:57 - Start of nmap 03:20 - Looking at the webpage doing basic enumeration 05:30 - Talking about Orange Tsai Worst Fit -- Doesn't get us anything but a path i went down first 09:50 - Discovering the /user endpoint, fuzzing the token parameter discovering type juggling, cracking hashes 14:40 - Logging into the application, which seems like an odd static page 18:00 - Discovering the Cacti Domain, Logging in and showing we can enumerate if a user is valid or not by a timing attack 23:50 - Exploting CVE-2025-24367 , which lets us create php files on the target 28:40 - Creating the payload to drop the file to get RCE 36:00 - Shell returned. 38:10 - Using bash to be a basic port scanner, then dumping the database 45:00 - Manually exploiting CVE-2025-9074, talking to Docker over HTTP to create a container that mounts the host operating system in a container then reading the flag 55:00 - Getting code execution on the host by looking at scheduled tasks and changing a powershell script that runs every 3 minutes
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Related Reads

📰
Deploying and Configuring Apache on a RHEL/CentOS Server
Learn to deploy and configure Apache on a RHEL/CentOS server for web hosting and development purposes.
Medium · DevOps
📰
Put a Deterministic Gate Between Generated Code and Main
Learn to add a deterministic gate between generated code and main to improve code quality and reduce errors
Dev.to · kongkong
📰
How to Put a Local Service on the Public Internet with FRP (Without Losing Your Mind Over Config Files)
Learn to expose a local service to the public internet using FRP, simplifying config files
Dev.to · ChenXX
📰
Four GitHub Actions cron timing bugs that silently broke my daily pipelines
Learn about four common GitHub Actions cron timing bugs that can silently break daily pipelines and how to identify and fix them
Dev.to · MORINAGA

Chapters (13)

Introduction
0:57 Start of nmap
3:20 Looking at the webpage doing basic enumeration
5:30 Talking about Orange Tsai Worst Fit -- Doesn't get us anything but a path i we
9:50 Discovering the /user endpoint, fuzzing the token parameter discovering type j
14:40 Logging into the application, which seems like an odd static page
18:00 Discovering the Cacti Domain, Logging in and showing we can enumerate if a use
23:50 Exploting CVE-2025-24367 , which lets us create php files on the target
28:40 Creating the payload to drop the file to get RCE
36:00 Shell returned.
38:10 Using bash to be a basic port scanner, then dumping the database
45:00 Manually exploiting CVE-2025-9074, talking to Docker over HTTP to create a con
55:00 Getting code execution on the host by looking at scheduled tasks and changing
Up next
AWS, Azure, GCP: The One Thing Every Business Gets Wrong
AI Daily
Watch →