GLPI: Offsec Proving Grounds Practice Lab - TJ Nulls's OSCP Prep (Hard Stuck)

Channel:

NoxLumens

Subscribers:

1,270

Published on September 7, 2024 5:30:09 PM ● Video Link: https://www.youtube.com/watch?v=hLvrRYCLj6g

Duration: 0:00

121 views

4

I was muted halfway through the video: Yippee. I guess it's a throw away though. I still need to upload it because it took a long time and I got to do a lot of cool stuff even if I did end up using a walkthrough to get through initial access. Sorry dudes. I don't know everything. :)
GLPI: Offsec Proving Grounds Practice Lab - TJ Nulls's OSCP Prep

array_map - call_user_function - passthru POC
https://github.com/noxlumens/CVE-2022...

TJ Nulls OSCP Prep List
https://docs.google.com/spreadsheets/...

------------------
My Certifications:
Practical Web Penetration Tester (PWPT): TCM Security - https://certifications.tcm-sec.com/pwpt/
Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: https://tryhackme.com/p/NoxLumens
Hackthebox: https://app.hackthebox.com/profile/17...
Twitch:   / noxlumens  

00:00 Catch up
20:00 Hard Stuck
25:00 Trying to understand
38:40 PHP call_user_func
40:15 Break 1
42:35 Trying to understand 2
43:30 PHP call_user_func 2
44:10 Break 2
45:16 I really want to understand
49:13 More Testing
50:40 PHP array_map
52:00 Testing 3
54:10 Playing with Responder in Burpsuite
=
55:30 Breaking down
58:00 looking at vulns
1:01:50 lost in the sauce
=
1:02:00
1:22:15 Looking up a Walkthrough to learn
1:29:00 Showing my POC
1:29:30 POC in description
1:35:00 I did try other exploit methods
1:36:00 maybe its a rabbit hole
1:40:25 nc reverse shell
1:41:22 user enumeration begins
1:42:00 Updating notes
1:43:00 Giving credit
1:44:05 MySQL login
1:47:30 cleaning up users
1:51:15 password cracking with john failure
1:52:33 back to enumerating the box
1:55:30 obsessing over the word config
1:58:37 Jetty and I missed it
2:02:00 netstat and I missed it
2:05:00 grep for fun and other things
2:07:45 rabbit
2:16:50 linpeas
2:38:15 update Bettys GLPI password
2:43:30 betty:normal
2:44:00 muted...
2:46:00 more credentials and update notes
2:47:00 searching for priv esc
2:49:00 jarring and netstat from earlier
2:51:00 port forwarding
2:52:15 jetty exploit
2:53:40 break
2:54:30 jetty cve
2:56:00 jetty poc GitHub
2:57:00 jetty rce
3:00:00 Hacktricks ptswarm jetty rce
3:01:00 Iamroot
3:02:00 Giving Credit Updating Notes