Media Summary: Plain password in config.php - Credentials in NodeJS Express Framework - Root password in config.json wfuzz FTW! 00:40 - Begin of Recon 02:45 - Checking FTP to get a note 03:38 - Going to each of the three websites 04:30 - Running Gobuster ... 00:00 - Port Scan 00:20 - SSH Account Granted 00:56 - Misconfigured POSIX Capability Enumeration 01:16 - Network Sniffing ...
Hackthebox Luke Speedrun - Detailed Analysis & Overview
Plain password in config.php - Credentials in NodeJS Express Framework - Root password in config.json wfuzz FTW! 00:40 - Begin of Recon 02:45 - Checking FTP to get a note 03:38 - Going to each of the three websites 04:30 - Running Gobuster ... 00:00 - Port Scan 00:20 - SSH Account Granted 00:56 - Misconfigured POSIX Capability Enumeration 01:16 - Network Sniffing ... 00:00 - Port Scan 00:30 - UnrealIRCd Exploit 00:59 - SUID Binary Analysis 01:41 - Privilege Escalation Thank you for watching! I couldn't find any video of someone speedruning this, so, this might be considered as a WR? :^) Whats up guys, today I have for you all a vod-review style video of our tempest keep
[ Timestamp Below ] *- - - Thank you so much for 400 subscription :D !! - - -* *- - - I am starting my OSCP journey soon, but I will still ... Tools: Nmap, Metasploitable, Jenkins, Data Stream, KeePass Abusing Jenkins to get the foothold and Impersonation to get ...