Скачать или смотреть Backdrop CMS Exploit | Dog - Hack The Box (HTB) Walkthrough

In this video, we fully compromise the Dog box on Hack The Box (HTB) by exploiting an exposed .git directory left by the developer. By dumping the repository, we retrieve the settings.php file containing the database credentials which turn out to be reused as the admin password. This misconfiguration leads us to gain remote code execution (RCE) on the server running Backdrop CMS 1.x. The admin privileges allow an attacker to exploit Remote Code Execution by uploading a malicious archive containing a `PHP` backdoor to gain an initial foothold. The `johncusack` user account also reuses the `BackdropCMS` password. After compromising the `johncusack` account, the we can run the `bee` executable with `sudo` privileges, which allows the attacker to gain root privileges.

Try it yourself: https://www.hackthebox.com/machines/dog

00:00 - Introduction
02:16 - Initial Enumeration
13:54 - Dumping git repository
24:32 - Backdrop CMS scan
27:30 - Username Enumeration
37:36 - Getting a reverse shell
50:24 - Privilege Escalation 1
51:26 - Password Spraying
55:22 - Privilege Escalation 2 (root)

Git-Dumper:
https://github.com/arthaud/git-dumper

BackDropScan:
https://github.com/FisMatHack/BackDro...

Backdrop CMS 1.20 Exploit
https://github.com/V1n1v131r4/CSRF-to...

#appsecurity #backdrop #CyberSecurity #HackTheBox