VL Shinra Part 1 – SQLi, Command Injection & Hash Cracking
This is the first video of a series about Shinra, a virtual company in a private red team lab. We will conduct a full pentest on Shinra and explore various topics along the way.
This is the first video of a series about Shinra, a virtual company in a private red team lab. We will conduct a full pentest on Shinra and explore various topics along the way.
There is no excerpt because this is a protected post.
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a password and a custom binary exploit.
Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving password hashes from backups (via SAM) and a privilege escalation that involves stored credentials in mRemoteNG.
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :) Weirdly enough I couldn't get the user first blood - but more to that later.