HackTheBox - Spectra

00:00 - Start
01:00 - Nmaping the box
03:00 - Checking out the web pages, discovering Wordpress
04:00 - Getting the username of wordpress by looking at the blog post author
06:30 - Running WpScan with Plugins-detection
08:25 - Finding an open directory on the testing site, accessing a backup
09:15 - Attempting to login with MySQL but cannot due to the account only being allowed on localhost
12:30 - Logging into wordpress with administrator and the devteam01 password
13:25 - Getting a shell through WordPress by editing an unused theme
15:50 - Failing to get a reverse shell...
19:30 - Using a common PHP Reverse Shell
20:45 - Discovering we are on a ChromeBook
24:50 - Discovering a password in autologin
26:30 - Using the password with local users on the box
27:10 - Logging in with Katie then seeing she can run sudo initctl
31:20 - Failing to play with init files, switching to a simpler method of testing code exec
32:15 - Putting a python reverse shell inside of init and getting root