HackTheBox - Crafty
00:00 - Introduction
01:00 - Start of nmap
02:55 - Doing a full nmap scan, then scanning the minecraft ports with scripts to discover minecraft version
04:45 - Discovering this minecraft version is vulnerable to Log4j
06:50 - Extracting Java Version/Class Path/etc via Log4j
10:40 - Using the Log4j Shell POC to get a shell, this reflectively loads a Java Library
13:50 - Getting a reverse shell
15:00 - Discovering plugins on the server, copying the JAR over to our box and decompiling it to discover hardcoded credentials
20:20 - Using PowerShell to run a command as Administrator to get root
Watch video HackTheBox - Crafty online without registration, duration hours minute second in high quality. This video was added by user IppSec 15 June 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 14,520 once and liked it 422 people.