
HackTheBox - Bizness (1 month ago)



00:00 - Introduction
01:00 - Start of nmap
03:00 - Seeing JSESSIONID and NGINX, trying the off-by-slash exploit to get access to /manager; doesn't work here
04:30 - Dirbusting with FFUF because the lack of 404s messed with gobuster
07:40 - Discovering the OFBiz version, looking for exploits
09:00 - Going over the authentication bypass in OFBiz
12:40 - Downloading ysoserial and building a Docker image so we don't have to worry about Java versions
14:30 - Building a reverse shell payload that works with ysoserial
18:40 - Reverse shell returned! Looking at OFBiz and finding out it uses the Derby database
22:30 - Copying the Derby database, then using ij from Derby-Tools to dump the data
26:40 - The hash in the database is URL-safe Base64 encoded; decoding it reveals it has a length of 40, which is normal for sha1sum. Decoding it, then cracking with hashcat
