HackTheBox - Analytics
IppSec
View ChannelAbout
Video Search: https://ippsec.rocks
Latest Posts
Video Description
0:00 - Introduction 01:00 - Start of nmap 03:20 - Discovering Metabase, noticing the HTTP Headers are different. Checking TTL just to see if it decrements from the main web page. 07:00 - Searching for an exploit for metabase, then enumerating version 09:30 - Manually exploiting Metabase by pulling the setup-token, then getting injection on the /setup/validate endpoint through the JDBC Driver 15:50 - Reverse shell returned 18:30 - Discovering credentials in the environment variables, then ssh into the box 20:12 - Googling the kernel to discover its vulnerable to GameOverlay 24:00 - Explaining the gameoverlay exploit (CVE-2023-23640, CVE-2023-32629) 25:50 - Stepping through the exploit manually to understand how the overlay fs works, and what the exploit did to abuse it 28:10 - Looking into the permissions of the binaries that were created
Master Ethical Hacking Today
AI-recommended products based on this video
BrosTrend Linux USB WiFi Adapter 1200Mbps Supports Ubuntu, Mint, Debian, Kubuntu, Mate, Zorin, PureOS, Raspberry Pi 2+, Windows 11/10, USB3.0 Wireless Dual Band Wi-Fi 5GHz/867Mbps + 2.4GHz/300Mbps
BrosTrend 1800Mbps WiFi 6 Linux WiFi Adapter for PC and Raspberry Pi 2+, Long Range USB WiFi Dongle Linux for Ubuntu, Mint, Debian, Kubuntu, Lubuntu, Zorin, Windows 11/10, Dual Band Wireless Antenna
MeLE Quieter DL Mini PC Windows 11 Home, N100 4GB 128GB, 2.5G Dual LAN,IoT Industrial Desktop Computer Support Windows 10 11 Linux Ubuntu Debian 4K Triple Display, Dual HDMI, All-in-One USB-C
Wireless Print Server for USB Printer (NOT Plug&Play), 2 Port USB Print Server, Convert Wired Printer to Wireless WiFi Ethernet Networking - Windows Mac Linux Compliant - CR202
10.1 Inch Touch Portable Monitor IPS Screen 1366x768P 60Hz 400 Brightness 99% sRGB HDMI USB-C Monitors Switch for Xbox PS3/4/5 Laptop Compatible with Raspberry Pi, Mini Touch Screen
