HackTheBox - Paper

00:00 - Intro
00:55 - Start of nmap
01:45 - Checking out what version of Centos is running
03:20 - Running Feroxbuster and GoBuster
04:40 - Noticing a X-Backend-SErver header that leaks the virtual host Office.Paper
05:00 - Showing my favorite nmap script Banner-Plus
06:45 - Office.Paper is wordpress, running wp-scan
10:15 - Discovering a vulnerability that lets us read posts that are in drafts, finding a Rocket Chat Server
13:10 - Discovering a Rocker Chat Bot finding an LFI and getting a password which we can use to ssh
17:30 - Looking at the ps output of the server to see who the bot runs as
19:30 - Running LinPEAS
20:55 - Finding out it is vulnerable to CVE-2021-3560 Polkit Privilege Escalation
22:08 - Running the polkit exploit and creating a secnigma user

Support the originator by clicking the read the rest link below.