Hacking Broker [HackTheBox Walkthrough]

In this Video, we covered another easy but fun Box! This one made us exploit a deserialisation vulnerability classed CVE-2023-46604 in Apache ActiveMQ. Before then escalating privileges through the nginx that we can run as root. Getting ready to tackle some harder boxes!


This is another one of the Boxes recommended by TJnull, to pwn in preparation for Pen-200(2023) otherwise known as the OSCP examination.(Offensive Security Certified Penetration Tester)

You can find the document here:
https://docs.google.com/spreadsheets/...

link to prepnote function on my Github:
https://github.com/0xDynamo/Prepnote

link to HTB Broker:
https://app.hackthebox.com/machines/B...

I hope you enjoy!

Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated


If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming.

You can join with this link:
https://referral.hackthebox.com/mz2rqum
==================================================

00:00 Welcome
00:46 Setup
01:49 Recon
04:04 enumerating SSH
05:24 enumerating HTTP
06:50 Fingerprinting Webserver
08:16 ActiveMQ
09:47 Looking for exploits
10:37 CVE-2023-46604
12:27 Exploiting AcitveMQ
16:32 Gaining initial Foothold
18:10 Improving Shell
21:01 Internal recon
21:48 Nginx can be ran as root
24:22 Inspecting nginx.conf locally
26:27 nginx file read
31:50 nginx root* file read
35:35 nginx root file write
39:05 Injecting public key into authorized key
42:35 Root.txt
43:27 Recap




Music:
Godriguez - Make This Magic

Link:
   • Make This Magic by Godriguez