HackTheBox – Paper

00:00 – Intro
00:55 – Start of nmap
01:45 – Checking out what version of Centos is running
03:20 – Running Feroxbuster and GoBuster
04:40 – Noticing a X-Backend-SErver header that leaks the virtual host Office.Paper
05:00 – Showing my favorite nmap script Banner-Plus
06:45 – Office.Paper is wordpress, running wp-scan
10:15 – Discovering a vulnerability that lets us read posts that are in drafts, finding a Rocket Chat Server
13:10 – Discovering a Rocker Chat Bot finding an LFI and getting a password which we can use to ssh
17:30 – Looking at the ps output of the server to see who the bot runs as
19:30 – Running LinPEAS
20:55 – Finding out it is vulnerable to CVE-2021-3560 Polkit Privilege Escalation
22:08 – Running the polkit exploit and creating a secnigma user

Leave a Reply

Your email address will not be published.