00:00 Introduction 00:10 Nmap 00:40 Using files to connect to ftp anonymously 01:30 Checking if the webroot is actually the ftp share 02:30 Explain wappalyzer 03:00 Trying to upload php, it fails 04:00 Using an aspx web shell (SharPyShell) 05:40 Enumerating the Development directory, seeing credentials 06:40 Using crackmapexec to test password on users 07:20 Good login (PWNED) Using psexec.py to get RCE ... https://www.youtube.com/watch?v=bVd_Z321Tw0
▶️ YouTube: https://www.youtube.com/c/PinkDraconian
? Twitter: https://twitter.com/PinkDraconian
? TikTok: https://www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
? Discord: PinkDraconian#9907
? Instagram: https://www.instagram.com/robbevanroey/
?️ Website: http://pinkdraconian.d4rkc0de.com/
?? HackTheBox: https://www.hackthebox.eu/home/users/profile/129531 Twitter: https://twitter.com/PinkDraconian
Discord: PinkDraconian#9907
Website: http://pinkdraconian.d4rkc0de.com/
Platform: CyberSecLabs
Platform Link: https://www.cyberseclabs.co.uk/
Category: Machine
OS: Windows
Challenge name: Boats
Difficulty: 1/10
00:00 Introduction
00:12 Running nmap on the windows box
00:30 Running gobuster on port 80
01:00 Doing manual enumeration on port 80 whilst waiting for our automatic recon to finish
01:45 Looking at the output from gobuster and checking the phpmyadmin file
02:07 Checking out the open phpmyadmin portal
02:35 Using phpmyadmin to get a shell on the box through uploading php code with a sql query
03:40 Checking out hacktricks to look for a good reverse shell in windows, we decide to user certutil
04:40 Using msfvenom to create a reverse meterpreter binary
05:35 Uploading our binary with certutil and running it
06:55 Using metasploit to catch our reverse meterpreter shell with exploit/multi/handler
...
https://www.youtube.com/watch?v=TwmHAzu0AeY
CTF: AUCTF
CTF Link: https://ctf.auburn.edu/
CTFTime link: https://ctftime.org/event/1020
Category: Crypto
Challenge name: Pretty Ridiculous
Description: Eve discovered that a piece of paper had been shoved into her pocket.. what could it be? The message she found can be downloaded at the following link:
(n,e) = (627585038806247, 65537)
https://drive.google.com/file/d/17z7C5i_TOx_838QNPbZvNCKW4DcPCaEF/view?usp=sharing
Difficulty: 2/10
Github with artefacts: https://github.com/PinkDraconian/CTF/tree/master/AUCTF/Pretty%20Rudiculous
...
https://www.youtube.com/watch?v=nyMiQR8Krik
CTF: AUCTF
CTF Link: https://ctf.auburn.edu/
CTFTime link: https://ctftime.org/event/1020
Category: Crypto
Challenge name: Shifty Shwoozy
Description: Eve woke up to this message after a really crazy night. Everything is shifted around. Can you figure out what it says?
You can download the message here: https://drive.google.com/file/d/1hshUoTtN5tgVjbpRNDujmBnKOJbJZcbS/view?usp=sharing
Difficulty: 4/10
...
https://www.youtube.com/watch?v=0rAAo79-MSk