In this Hack The Box walkthrough you will learn how the Redis database can be vulnerable, if not hardened correctly. We will place an SSH key into the Redis users .ssh/authorised_keys file and login as that user. We then escalate to another user, by cracking their SSH key backup file, to finally gain root using an authenticated Webmin exploit.
Want to stay up to date in infosec? Then check out Pentest List, a curation of the latest top-rated tools and content in infosec: pentestlist.com
~~~
This is an educational video, gain permission from target owners before attempting anything from this tutorial. By not doing so, you risk being penalised by the computer misuse act or equivalent in your country
~~~
Don't forget to subscribe and like the video for continued Cyber Security viewing!
Redis-CLI: redis.io/download
Redis SSH Issue: packetstormsecurity.com/files...
Twitter: / turvsec
Негізгі бет Ойын-сауық Hack The Box: Postman Walkthrough [Redis, SSH, Webmin Exploit]
Пікірлер: 9