Soccer - Hackthebox (OSCP Prep) TJ Nulls - Tiny File Manager CVE, Websocket SQLI, Sticky Bits SUID

Video Link: https://www.youtube.com/watch?v=t69pFt9FpBo



Duration: 51:36


I'm going through these boxes as part of TJ Null's list for OffSec's PEN-200 course, as preparation before I take the deep dive into the course content.

- Tiny File Manager CVE
- Websocket SQLI
- Sticky Bits SUID

Soccer is an easy difficulty Linux machine that features a foothold based on default credentials, which give access to a vulnerable version of the Tiny File Manager, which in turn leads to a reverse shell on the target system (CVE-2021-45010). Enumerating the target reveals a subdomain which is vulnerable to a blind SQL injection through websockets. Leveraging the SQLi leads to dumped SSH credentials for the player user, who can run dstat using doas, an alternative to sudo. By creating a custom Python plugin for doas, a shell as root is then spawned through the SUID bit of the doas binary, leading to fully escalated privileges.

Skills Required
- Basic web enumeration
- Basic Linux enumeration
------------------
Skills Learned
- Identifying blind SQL Injections
- Leveraging SUID binaries to escalate privileges
------------------
Tools
- manual enumeration
- CVE
- Websocket
- SQLmap
------------------
My Certifications:
Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: https://tryhackme.com/p/NoxLumens
Hackthebox: https://app.hackthebox.com/profile/179139
Twitch: https://twitch.tv/noxlumens






