HackTheBox - Wall

IppSec · Beginner ·🧠 Large Language Models ·6y ago
00:55 - Start of recon 02:30 - Running GoBuster to discover the /monitoring directory 03:50 - Running hydra to try to brute force the HTTP Authentication (Does not work due to it being a secure password) 05:20 - Bypassing the AUTH Request by changing to a POST — Explain why this works later 06:30 - Looking at the Centreon Changelog to look for any exploits 08:10 - There aren’t any unauthenticated exploited, lets brute force a login. The main way uses a CSRF Token. 08:50 - Bypassing the CSRF by using the Centreon API 12:00 - Using wfuzz to brute force the API Login and get admin:Password1 14:15 - Changing the Monitoring Engine Binary under Configure Pollers to get code execution 16:15 - Trying to ping ourselves, find out we can’t use space 17:10 - Using IFS to instead of space 20:11 - Ping worked, trying to do a Reverse Shell 23:50 - The reverse shell didn’t work lets do some debugging 25:55 - Adding a semicolon at the end of the script and getting a reverse shell 26:20 - Reverse shell returned, lets build a proper TTY with ROWS and COLUMNS so we can do things like vi 30:20 - Searching for files between two dates 33:00 - Discovering backup which is a PYC File, using uncompyle to decompile it 34:55 - Getting Shelby’s password out of the backup script 35:45 - Using LinPEAS instead of LinEnum to look for privescs 43:10 - Exploiting Screen-4.5.0 to get root ## Extra 46:30 - Static Code Analysis tip, looking for dangerous functions
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →
1 HHC2016 - Analytics
HHC2016 - Analytics
IppSec
 2 HackTheBox - October
HackTheBox - October
IppSec
 3 HackTheBox - Arctic
HackTheBox - Arctic
IppSec
 4 HackTheBox - Brainfuck
HackTheBox - Brainfuck
IppSec
 5 HackTheBox - Bank
HackTheBox - Bank
IppSec
 6 HackTheBox - Joker
HackTheBox - Joker
IppSec
 7 HackTheBox - Lazy
HackTheBox - Lazy
IppSec
 8 Camp CTF 2015 - Bitterman
Camp CTF 2015 - Bitterman
IppSec
 9 HackTheBox - Devel
HackTheBox - Devel
IppSec
 10 Reversing Malicious Office Document (Macro) Emotet(?)
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
 11 HackTheBox - Granny and Grandpa
HackTheBox - Granny and Grandpa
IppSec
 12 HackTheBox - Pivoting Update: Granny and Grandpa
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
 13 HackTheBox - Optimum
HackTheBox - Optimum
IppSec
 14 HackTheBox - Charon
HackTheBox - Charon
IppSec
 15 HackTheBox - Sneaky
HackTheBox - Sneaky
IppSec
 16 HackTheBox - Holiday
HackTheBox - Holiday
IppSec
 17 HackTheBox - Europa
HackTheBox - Europa
IppSec
 18 Introduction to tmux
Introduction to tmux
IppSec
 19 HackTheBox - Blocky
HackTheBox - Blocky
IppSec
 20 HackTheBox - Nineveh
HackTheBox - Nineveh
IppSec
 21 HackTheBox - Jail
HackTheBox - Jail
IppSec
 22 HackTheBox - Blue
HackTheBox - Blue
IppSec
 23 HackTheBox - Calamity
HackTheBox - Calamity
IppSec
 24 HackTheBox - Shrek
HackTheBox - Shrek
IppSec
 25 HackTheBox - Mirai
HackTheBox - Mirai
IppSec
 26 HackTheBox - Shocker
HackTheBox - Shocker
IppSec
 27 HackTheBox - Mantis
HackTheBox - Mantis
IppSec
 28 HackTheBox - Node
HackTheBox - Node
IppSec
 29 HackTheBox - Kotarak
HackTheBox - Kotarak
IppSec
 30 HackTheBox - Enterprise
HackTheBox - Enterprise
IppSec
 31 HackTheBox - Sense
HackTheBox - Sense
IppSec
 32 HackTheBox - Minion
HackTheBox - Minion
IppSec
 33 VulnHub - Sokar
VulnHub - Sokar
IppSec
 34 VulnHub - Pinkys Palace v2
VulnHub - Pinkys Palace v2
IppSec
 35 HackTheBox - Inception
HackTheBox - Inception
IppSec
 36 Vulnhub - Trollcave 1.2
Vulnhub - Trollcave 1.2
IppSec
 37 HackTheBox - Ariekei
HackTheBox - Ariekei
IppSec
 38 HackTheBox - Flux Capacitor
HackTheBox - Flux Capacitor
IppSec
 39 HackTheBox - Jeeves
HackTheBox - Jeeves
IppSec
 40 HackTheBox - Tally
HackTheBox - Tally
IppSec
 41 HackTheBox - CrimeStoppers
HackTheBox - CrimeStoppers
IppSec
 42 HackTheBox - Fulcrum
HackTheBox - Fulcrum
IppSec
 43 HackTheBox - Chatterbox
HackTheBox - Chatterbox
IppSec
 44 HackTheBox - Falafel
HackTheBox - Falafel
IppSec
 45 How To Create Empire Modules
How To Create Empire Modules
IppSec
 46 HackTheBox - Nightmare
HackTheBox - Nightmare
IppSec
 47 HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
IppSec
 48 HackTheBox - Bart
HackTheBox - Bart
IppSec
 49 HackTheBox - Aragog
HackTheBox - Aragog
IppSec
 50 HackTheBox - Valentine
HackTheBox - Valentine
IppSec
 51 HackTheBox - Silo
HackTheBox - Silo
IppSec
 52 HackTheBox - Rabbit
HackTheBox - Rabbit
IppSec
 53 HackTheBox - Celestial
HackTheBox - Celestial
IppSec
 54 HackTheBox - Stratosphere
HackTheBox - Stratosphere
IppSec
 55 HackTheBox - Poison
HackTheBox - Poison
IppSec
 56 HackTheBox - Canape
HackTheBox - Canape
IppSec
 57 HackTheBox - Olympus
HackTheBox - Olympus
IppSec
 58 HackTheBox - Sunday
HackTheBox - Sunday
IppSec
 59 HackTheBox - Fighter
HackTheBox - Fighter
IppSec
 60 HackTheBox - Bounty
HackTheBox - Bounty
IppSec

Related AI Lessons

Behind the Scenes of a Self-Evolving AI: The Architecture of Tian AI
Learn the architecture of Tian AI, a self-evolving AI system that grows and improves itself without cloud or APIs
Dev.to AI
Tian AI vs ChatGPT: Why Local AI Is the Future of Privacy
Learn why local AI is the future of privacy and how Tian AI compares to ChatGPT in terms of privacy, cost, and features
Dev.to AI
If You Replace Your LLM Endpoint, What Actually Needs Regression Testing?
Learn what needs regression testing when replacing an LLM endpoint to avoid subtle production regressions
Dev.to AI
We Fixed Karpathy’s LLM Wiki - PENgram Is the Typed Knowledge Graph Pipeline Everyone Asked For
Learn how to enhance Karpathy's LLM Wiki with a typed knowledge graph pipeline called PENgram, enabling more meaningful connections between notes
Dev.to AI

Chapters (21)

0:55 Start of recon
2:30 Running GoBuster to discover the /monitoring directory
3:50 Running hydra to try to brute force the HTTP Authentication (Does not work due
5:20 Bypassing the AUTH Request by changing to a POST — Explain why this works late
6:30 Looking at the Centreon Changelog to look for any exploits
8:10 There aren’t any unauthenticated exploited, lets brute force a login. The mai
8:50 Bypassing the CSRF by using the Centreon API
12:00 Using wfuzz to brute force the API Login and get admin:Password1
14:15 Changing the Monitoring Engine Binary under Configure Pollers to get code exec
16:15 Trying to ping ourselves, find out we can’t use space
17:10 Using IFS to instead of space
20:11 Ping worked, trying to do a Reverse Shell
23:50 The reverse shell didn’t work lets do some debugging
25:55 Adding a semicolon at the end of the script and getting a reverse shell
26:20 Reverse shell returned, lets build a proper TTY with ROWS and COLUMNS so we ca
30:20 Searching for files between two dates
33:00 Discovering backup which is a PYC File, using uncompyle to decompile it
34:55 Getting Shelby’s password out of the backup script
35:45 Using LinPEAS instead of LinEnum to look for privescs
43:10 Exploiting Screen-4.5.0 to get root
46:30 Static Code Analysis tip, looking for dangerous functions
Up next
5 Levels of AI Agents - From Simple LLM Calls to Multi-Agent Systems
Dave Ebbelaar (LLM Eng)
Watch →