HackTheBox - Usage
00:00 - Introduction
00:50 - Start of nmap
02:00 - Discovering the page is Laravel based upon cookies
05:30 - Discovering the SQL Injection in Reset Password, then running SQLMap screwing up our results because we logged out in middle of SQLMap
18:50 - Cracking the user out of admin_users
20:00 - Logging into admin.usage.htb and discovering a vulnerable Laravel Admin, which is vulnerable to PHP File Upload in the avatar
24:10 - Shell returned on the box
28:30 - Discovering we can run 7z with sudo and the Wildcard Spare Trick will let us read files
Watch video HackTheBox - Usage online without registration, duration hours minute second in high quality. This video was added by user IppSec 10 August 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 16,202 once and liked it 485 people.