HackTheBox - Seventeen

00:00 - Intro 00:57 - Start of nmap 02:50 - Taking a look at the website 05:20 - Showing some differences between Ffuf and Wfuzz 08:30 - Finding a known exploit against the Exam Reviewer Management System 11:30 - Explaining the boolean injection then running SQLMap 15:40 - Using SQLMap to extract databases, tables, and some data 18:50 - Discovering the OldManagement site, dumping its database then logging in 26:30 - Exploiting the file upload vulnerability in OldManagement by replacing .htaccess 28:20 - Explaining various ways a developer may handle the file save 40:00 - Low privilege shell returned, in a docker find credentials in configuration files. Then SSH into the box 47:20 - Examining port 4873 which is Verdaccio, an NPM Registry. Downloading packages to find hard coded credentials 51:20 - Going over the app startup script which we can run with Sudo. Ubuntu 18 sudo preserves $HOME variable so we can replace the registry in npmrc with one running on our box 55:10 - Using docker on our system to pull and run verdaccio 57:20 - Creating a malicious npm package, then getting a shell on the box 1:04:40 - Exploiting RoundCube with CVE-2020-12640