HackTheBox - Moderators

00:00 - Intro 01:05 - Start of nmap, then going over the website 03:30 - Examining all the pages on the blog 04:40 - Looking at the report parameter, doing some light testing for SQL Injection before moving on to IDOR 07:00 - Using ffuf to bruteforce all reports matching upon a word (phrase) on the page 11:00 - Attempting to figure out if the md5sum in the logs URL is random by submitting the hash to crackstation 13:00 - Discovering a file upload vulnerability, faking a PDF and uploading a PHP Shell 18:25 - When using a PHP Shell System() commands don't work. Uploading PHPInfo to view disabled functions and seeing System is blocked 21:00 - Getting code execution through Popen() which wasn't blacklisted 24:30 - Reverse shell returned 26:55 - Discovering another webserver is running on localhost, turns out to be Wordpress 29:50 - Exploiting the wordpress plugin BrandFolder to get a shell as Lexi 35:00 - Lexi has an SSH Key, using SSH to access the server and then setting up a tunnel to access the wordpress site and checking out the PWDMS Plugin 40:55 - Using MySQL to reset a wordpress password, so we can log in 43:50 - Gaining access to the box as John 46:30 - Finding a Virtual Box file that has an encrypted VDI 48:20 - Using Hashcat to crack the VirtualBox VDI File 52:55 - Installing the VirtualBox extension that would allow us to utilize an encrypted VDI 56:45 - Decrypting the VirtualBox VDI Image with VBoxManage 58:45 - Mounting the VirtualBox VDI Image and discovering the hard drive is encrytped with LUKSv2 59:50 - Cracking the LUKS v2 Password 1:02:00 - Mounting the Luks Drive then discovering a bunch of scripts 1:03:55 - Doing some bash-fu to extract all variables and run them against the ent command to display entropy, then discovering the password somewhat sticks out, which gets root 1:08:50 - Another fun trick to find passphrases. Creating a regex to path for WORDS_seperated-LIKE-this