Скачать с ютуб HackTheBox - Busqueda в хорошем качестве

HackTheBox - Busqueda

00:00 - Introduction 01:00 - Start of the nmap 04:20 - Copying the request in burpsuite to a file so we can use FFUF to fuzz 06:00 - Just testing for SSTI 06:45 - Found two bad characters, putting a comment after a bad character to see where it is failing 08:20 - Discovering we can append to the string, then trying for executing code with print to test for eval statements 10:00 - Getting a reverse shell 15:00 - Reverse shell returned 17:00 - Looking at apache virtualhosts to discover a hidden vhost that is running gitea 19:00 - Finding creds in the .git folder which lets us run sudo 22:00 - Inspecting the docker containers to discover passwords in environment variables which lets us log into gitea as administrator and view the script we are running as sudo 25:30 - Discovering the system-checkup.py script is not using an absolute path, so we can execute a shell script in our CWD as root