Hack The Box Stocker Machine | Complete Walkthrough #htb #hackthebox

Captions
Hey everyone, welcome back to my YouTube channel. Today I'm gonna walk you through the Stocker machine of Hack The Box. I have already connected to the VPN of Hack The Box, as you guys can see here, and this is our IP address. In this machine we will see how the SSRF vulnerability occurs, that is server-side request forgery: the SSRF vulnerability occurs when the attacker gains the ability to manipulate an application, enabling them to make requests to any domain they desire.

Let's start off with our nmap scan. I have copied the IP, okay, let me paste the IP here. Okay, let's wait. Okay, so our nmap scan is completed and we have port 22 open, that is SSH, and we have port 80 open, nginx is running, okay, nginx 1.18 Ubuntu. Great, so let's enumerate the HTTP service. Let me copy the IP address, and stocker.htb, so we know how to solve this. Let me copy it. We have to open /etc/hosts with nano and paste the domain here, that is stocker.htb, and let me grab the IP address. Okay, paste it here, space, okay, let me save the file. cat /etc/hosts: so our IP address and the domain are here, and now we can access the site. Let's refresh it. Okay, Stocker: services, about us, stock your shelves with our products, work with us. Okay, great. So there is no login page we can see, so let's enumerate the subdomains. I'm using gobuster, so let's hit enter. So we have found this dev.stocker.htb domain. Let's copy it and save it in our /etc/hosts. Let me copy the IP address, we have to paste it here, let's save the file. These two domains are here. Let's go back and we have to write it, hit enter. Okay, I'm sorry, I have written an 's' here, and now let's hit enter. Okay, so this is the login page. Let's write the basic username and password, admin admin. It won't work. So I have already tried bypassing with SQLi but hadn't any luck, so I decided to try NoSQL JSON bypass, because there are two types of database: the first one is SQL and the second one is NoSQL. Let's search 'nosql json bypass' and you will see this NoSQL injection page from HackTricks. Click on that, and we're gonna use this basic authentication bypass in JSON. Let's copy it and let's start our Burp: admin admin, sign in. Now we have to change the payload, username null, password, okay, and we have to change the content type, that is JSON. Let's forward this request, forward, and you will see we are redirected to this stock page. Okay, I have turned the interceptor off, so this is the page, buy stock.

Now we have four products. Let's add them to the basket. Okay, I have added two items, the cup and the bin. Let's see the view cart: bin and cup are added, so let's submit the purchase. Thank you for your purchase, your order details will be emailed to you. Okay, click here, okay, cup, 32 ... 70, okay. Let's start Burp Suite and let's see the view cart: two items are there, right. Let's submit. Okay, now let's change this field, that is 'cup', to let's say 'pen', and let's forward this. Okay, now let's click, okay, let me turn it off, let's click here. Okay, the pen is here, right, so we can add our payload here. So let's search 'ssrf dynamic pdf exploit' and this is the server-side XSS dynamic PDF page, you will see, from HackTricks, and we will use this iframe tag in the title field. Okay, let me copy it. So let's paste the payload here: iframe src is file:///etc/passwd. Okay, now let's forward it, forward, forward. Okay, click here, okay, sorry, turn this off, and okay, so we are getting the result, that is cool, but we have to add the dimensions, that is height and width. So let me change the payload. We have already copied the payload, now we have to add the dimensions, that is height equal to 600 and width equal to 600. Now let's forward it, off, click here. Okay, let me close these tabs. root, ... games, ... proxy, ... management. So we have this mongodb user and we have this angoose (or Angus, doesn't matter how you pronounce it) with /bin/bash, okay, and the purchaser is also angoose. So we have to get the credentials of this user, right. For that matter, what we will do: let me start my Burp Suite and close it, view cart, okay, submit purchase. We already know that the nginx server is running, so let's see the configuration file of nginx. Let me paste the payload here. Okay, so I'm using the /etc/nginx/nginx.conf file. So let's forward it. Okay, so here is the result, turn this off and click here. Okay, in the next page you will see, okay, user www-data, and as you guys can see here, the virtual host configurations are here: index index.html index.htm index.nginx-debian.html. Okay, so we know that this dev.stocker.htb operates from this directory, that is /var/www/dev. So using this knowledge and our Node.js naming scheme we can try this payload, let me show you. Okay, view cart, start Burp, submit the purchase. Okay, now we can insert this payload, /var/www/dev/index.js. Let's forward it, forward, and we have to click here. So we'll get the password of this user: 'I heard the passphrase are pretty secure'. Let's copy it, let me open my Notepad.

Okay, so let's SSH to this angoose user, hit enter, and let me copy the password here. Okay, we are now the angoose user. Okay, so let's do ls and we got our user flag: cat user.txt, okay, here is our flag. Now let's write sudo -l and we have to provide the password, okay, let me copy it again. Matching Defaults entries for angoose on stocker: so basically we are able to run Node.js as root against this /usr/local/scripts, and the file should end with .js, so we can use path traversal to execute a script. So let's write 'rev shell', that is reverse shells, and click on the first link, that is the online reverse shell generator, and our application is Node.js, so we'll scroll down: Python, okay, Node.js, child, Node.js, the second one, okay. Okay, let's copy it and let's create a file: nano flag.js, hit enter, paste it. Okay, the client connection is 9001 and we have to provide our inet address here. Okay, let me create a new tab, write ifconfig, copy your inet address, your inet address will be different. Okay, let's paste the IP address. cat flag.js, okay, it is there. Now we have to set up our netcat on 9001, this is our port 9001, hit enter, and we have to run the script. sudo -l, okay, let me see the script, okay, here: sudo /usr/bin/node /usr/local/scripts ... angoose ... flag.js, right. So this is our file that we have to run, so let's hit enter. Okay, okay, connected to this IP address. Let's write whoami: we are root. Let's write pwd: okay, we are in the home directory of this angoose user, I hate pronouncing his name. Let's write cd, pwd, we are in root. Let's write ls, okay, we have got the root flag: cat root.txt, and let me copy the flag first, copy it, submit the flag, flag accepted. Great.

So we have successfully completed the Stocker machine of Hack The Box. So we have seen the web app related details, and the interesting scenario of disclosing local files through PDF is quite unique. So if you are interested in learning more about it you can check out this article, we'll put the link in the description box, like you will learn about cross-site scripting, blind XSS and this server-side request forgery, that is SSRF attack. To be honest we cannot categorize this particular machine as easy, because you have to do a lot of things, you have to research a lot, you have to read a lot, so according to me it's not an easy machine for a beginner basically, but I have learned a lot from this. So check out this particular article and I hope you have learned something new. So that's it for this video guys, I hope you like it. If you did then please share this video with your friends or your hacking buddies, make sure that you guys are subscribing to my YouTube channel. We'll see in my next video, till then take care and keep learning, bye.
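The two server-side mistakes the walkthrough exploits (a JSON login body passed straight into a MongoDB query, and an unescaped basket item title rendered into the HTML that becomes the PDF) both come down to missing input handling. Below is an added example showing the checks a Node.js app would apply; it is not the Stocker box's own code, and the function names parseLogin, escapeHtml, renderItemRow and containsOperatorKey are assumed.

```javascript
// Added example, not code from the Stocker machine. Mongo operator
// objects and HTML escaping are simulated locally; no database or
// PDF renderer is needed to run this.

// 1. NoSQL auth bypass: with Content-Type: application/json the body
//    {"username": {"$ne": null}, "password": {"$ne": null}} turns a
//    findOne({ username, password }) equality lookup into an operator
//    query matching any user. Accept only plain strings for credentials.
function parseLogin(body) {
  if (body === null || typeof body !== 'object') return null;
  const { username, password } = body;
  if (typeof username !== 'string' || typeof password !== 'string') return null;
  if (username.length === 0 || username.length > 64 || password.length > 128) return null;
  return { username, password }; // safe to use as an equality match
}

// Detection helper for logs or a request filter: does any key in the
// JSON body look like a Mongo operator ($ne, $gt, $regex, ...)?
function containsOperatorKey(value) {
  if (Array.isArray(value)) return value.some(containsOperatorKey);
  if (value && typeof value === 'object') {
    return Object.entries(value).some(
      ([k, v]) => k.startsWith('$') || containsOperatorKey(v),
    );
  }
  return false;
}

// 2. Server-side XSS in the dynamic PDF: the item title from the basket
//    JSON is interpolated into the HTML handed to the PDF converter, so a
//    title of <iframe src="file:///etc/passwd"> gets rendered and the
//    converter reads the local file. Escape every user value first.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderItemRow(item) {
  if (typeof item.title !== 'string' || !Number.isInteger(item.quantity)) {
    throw new TypeError('invalid basket item');
  }
  // Title is now inert text; quantity is a validated integer.
  return `<tr><td>${escapeHtml(item.title)}</td><td>${item.quantity}</td></tr>`;
}
```

Pair the escaping with a PDF renderer that has local file access disabled; escaping stops the injection, the renderer setting limits the blast radius if some other template path is missed.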
Info
Channel: Afshan - AFS Hackers Academy
Views: 1,908
Id: 7aLkRBnfHeE
Length: 16min 27sec (987 seconds)
Published: Mon Jun 26 2023