00:00 - Introduction
01:00 - Start of nmap
02:50 - Playing with the JavaScript Editor, discovering filesystem calls are blocked
04:45 - Discovering the sandbox is vm2, then going to GitHub and finding it is discontinued with known security issues
06:30 - Getting code execution, then a reverse shell
09:50 - Discovering a second website with a database, cracking hashes in the database
12:50 - Discovering Joshua can run a bash script with sudo
15:00 - Looking at the Bash Common Pitfall guide which shows the error in the if/then logic in the bash script
15:55 - Explaining why the bash if/then is exploitable when user input is on the right side and unquoted
18:30 - Bypassing authentication in the script with a *, then looking at processes and seeing mysql censored the password on ps
20:50 - Running pspy which will grab the cmdline arguments before mysql has a chance to rewrite argv
21:50 - Showing the hidepid option in /etc/fstab to hide processes of other users
24:30 - Writing a program that can spoof argv on linux
26:30 - Showing how we grab the memory location of argv
27:30 - Looping over each argument, so we could overwrite a specific one if we wanted to
29:15 - Showing our process run with a blank process
33:30 - Making our program's ps output blend in more
Video: HackTheBox - Codify, added by IppSec on 06 April 2024. Viewed 12,908 times, liked by 447 people.