HackTheBox - LaCasaDePapel
01:05 - Start of nmap
02:50 - Attempting to execute an VSFTPD Backdoor via MSF
03:40 - Discovering the backdoor opened 6200, discovering a weird shell
04:50 - Lets figure out what just happened
06:50 - Triggering the backdoor without Metasploit
09:05 - Exploring the Psy PHP Shell opened up by the backdoor
10:20 - Several functions for executing bash aren’t working, checking disable_functions
11:40 - Attempting to bypass disabled_functions (does not work)
12:50 - Using ScanDir() and File_Get_Contents(), to explore the filesystem
14:50 - Identifying we are probably running as the Dali User (Unintended Path)
17:00 - Downloading , which is a private key to a webserver
21:40 - Using the to generate client certificates to access the HTTPS Page
30:25 - Weird it didn’t work, lets just verify all our certificates are good
32:28 - This time it worked! We connected to the server
33:20 - Failing to add the certificate to BurpSuite
33:50 - Discovering F
9 months ago 00:10:23 1
12 months ago 00:00:00 1
1 year ago 00:04:06 1
1 year ago 00:32:44 18
1 year ago 00:34:38 2
1 year ago 01:27:34 5
1 year ago 00:37:18 6
1 year ago 00:41:25 5
1 year ago 01:46:13 2
1 year ago 01:12:42 4
1 year ago 00:26:29 1
1 year ago 02:06:46 2
1 year ago 00:54:43 11
1 year ago 02:05:30 1
1 year ago 00:33:44 1
1 year ago 00:27:16 1
1 year ago 00:30:39 1
1 year ago 11:21:04 1
1 year ago 07:22:03 1
1 year ago 01:02:06 17
1 year ago 00:16:21 18
1 year ago 02:09:39 15
1 year ago 00:29:19 2
2 years ago 00:39:17 7
