HackTheBox - OpenAdmin

00:00 - Intro
02:35 - Running GoBuster to discover /music/, checking the page to try to find out what it is.
05:00 - Going to login reveals this is OpenNetAdmin version , searchsploit isn’t updated and fails to find the correct exploit
06:00 - Showing what to do when a web exploit script gives HTML
10:30 - Finding the correct exploit script, setting it to go through Burp Suite
15:30 - Failing to get a reverse shell for a bit because of bad characters (explained at end, we needed to URL encode it).
23:30 - Reverse shell worked when doing the python one.
25:30 - Running LinPEAS
31:30 - Looking for a config file with database connection info
33:00 - Exploring the MySQL database to get additional creds
37:40 - Running Medusa to test the passwords against users on the box to discover we can log in as jimmy
38:40 - Showing off “sucrack” to brute force with “su” in case SSH was not open
44:00 - Running find to see what files are owned by Jimmy to see som