HackTheBox - Admirer
01:15 - Doing nmap quickly by not running scripts to get open ports, then using that output to run scripts.
04:50 - Checking out the webserver, discovering
07:55 - Running gobuster on the admin-dir with the extensions txt and php
11:15 - Finding within that admin-dir
13:15 - Logging into FTP to discover the web directory source
21:30 - Running gobuster again on utility-scripts to discover
24:55 - Going to adminer and trying to login
27:10 - Bypassing adminer authentication by creating a MySQL Database
31:45 - Failing to drop a file in adminer
34:30 - Using LOAD DATA LOCAL to insert a file into our database
38:05 - Uploading the servers to our database and discovering the password
39:00 - SSH into the server with the password found before
41:50 - Sudo allows us to set environment variables, using PYTHONPATH to hijack a python library... Failing to get a rev shell
49:00 - Switching to nc for a revshell and getting a root she
2 months ago 00:33:44 1
3 months ago 00:27:16 1
3 months ago 02:00:43 1
3 months ago 00:20:43 1
3 months ago 00:36:09 1
3 months ago 00:30:39 1
4 months ago 00:13:24 1
4 months ago 11:21:04 1
4 months ago 07:22:03 1
4 months ago 00:41:25 4
5 months ago 05:30:24 3
5 months ago 01:02:06 14
5 months ago 00:16:21 18
5 months ago 02:09:39 12
6 months ago 00:15:02 1
6 months ago 00:13:41 1
6 months ago 00:46:30 1
6 months ago 00:09:21 1
6 months ago 00:39:17 7
6 months ago 00:42:37 10
6 months ago 02:34:35 10
6 months ago 00:52:33 9
6 months ago 00:46:53 7
7 months ago 01:21:40 6
