HackTheBox - Node
00:45 - Begin of NMAP
03:00 - GoBuster (Fails)
08:15 - Screw GoBuster, BurpSpider FTW
09:12 - Examing Routes File to find more pages
10:10 - Finding Credentials and downloading backup
14:45 - Cracking the zip with fcrackzip
16:45 - Finding more credentials (SSH) within MongoSource
21:50 - Privesc to Tom User
35:04 - Analyzing Backup Binary File
36:49 - Using strace to find binary password
40:25 - Finding blacklisted characters/words
50:00 - Unintended method one, abusing CWD
52:20 - Unintended method two, wildcards to bypass blacklist
54:45 - Unintended method three, command injection via new line
59:15 - Intended root Buffer Overflow ASLR Brute Force
If you want to see more detail on the ret2libc check out October: • HackTheBox - October
Watch video HackTheBox - Node online without registration, duration hours minute second in high quality. This video was added by user IppSec 03 March 2018, don't forget to share it with your friends and acquaintances, it has been viewed on our site 51,090 once and liked it 553 people.