HackTheBox - Jupiter
00:00 - Introduction
03:40 - Using gobuster to enum
05:45 - Discovering Raw SQL in the HTTP Request, doing some enumeration to discover it is PostreSQL
08:00 - Looking at the PostgreSQL Copy command, which allows for running commands, getting a shell
12:45 - Got a shell as the PostgreSQL user
15:08 - Got a SSH Shell as the PostgreSQL user, then finding port 8888 and enumerating that port
17:00 - Discovered a Jupityr Notebook, using find to discover what users are doing on the box and seeing Juno has network-simulation.yml
18:45 - Putting a shell on Network-Simulation.yml and getting a shell as juno
23:45 - Shell as Juno, looking for jupityr files and discovering the token, which enables us login to Jupityr notebooks and get a shell as
28:45 - Jovian can run sattrack as as root (via sudo), running strace to discover that it reads the config from /tmp
31:30 - Editing the sattrick config to download an authorized_keys file to root's .ssh directory
33:15 - Pretending /root/.ssh didn't exist, getting a shell through cron
Watch video HackTheBox - Jupiter online without registration, duration hours minute second in high quality. This video was added by user IppSec 21 October 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 11,296 once and liked it 420 people.