HackTheBox - Bizness

Published: 25 May 2024
on channel: IppSec
15,862 views, 450 likes

00:00 - Introduction
01:00 - Start of nmap
03:00 - Seeing JSESSIONID and NGINX, trying the off-by-slash exploit to get access to /manager; it doesn't work here
04:30 - Dirbusting with FFUF because the lack of 404s messed with gobuster
07:40 - Discovering the OfBiz Version, looking for exploits
09:00 - Going over the Authentication Bypass in OfBiz
12:40 - Downloading ysoserial and building a Docker image so we don't have to worry about Java versions
14:30 - Building a reverse shell payload that works with ysoserial
18:40 - Reverse shell returned! Looking at OfBiz and finding out it uses the Derby Database
22:30 - Copying the Derby database, then using ij from derby-tools to dump the data
26:40 - The hash in the database is URL-safe Base64 encoded; decoding it reveals a length of 40, which is normal for SHA-1. Decoding it, then cracking with hashcat
