HackTheBox - PC
00:00 - Introduction
01:05 - Start of nmap
03:00 - Googling the port number, and reading more about gRPC
04:45 - Install GRPCurl so we can access the gRPC interface
06:30 - Enumerating the grpc interface
10:30 - Registering a user and logging in
13:45 - Using Verbose with GRPCurl to get extra information which includes an JWT
16:20 - Discovering an SQL Injection in the SimpleApp.GetInfo, enumerating the database to discover SQLite
19:45 - Enumerating the SQLite Database (similar to Information_schema with mysql)
21:45 - Using Group_Concat with a union injection to dump all users and passwords, then SSH into the box
24:45 - Discovering PyLoad is running on localhost, setting up an SSH Tunnel to access it
26:00 - Finding a public POC and running it to exploit PyLoad
Watch video HackTheBox - PC online without registration, duration hours minute second in high quality. This video was added by user IppSec 07 October 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 14,277 once and liked it 482 people.