HackTheBox - Ariekei HD

00:23 - Explaining VM Layout 01:47 - Nmap Start 05:20 - Poking at Virtual Host Routing (Beehive & Calvin) 10:25 - Fixing GoBuster to find /cgi-bin/ 11:48 - Enumerating WAF (Web Application Firewall), to see how it detects Shellshock 15:08 - Using VirtualHostRouting to navigate to Calvin.htb.htb 18:15 - Using ImageTragick to exploit Calvin 25:30 - Calvin Reverse shell returned 31:35 - Poking at /common, which allows pivot to Bastion Host 34:20 - SSH into the Bastion Host 38:45 - Explain SSH Local and Remote Port Forwarding 46:00 - Beehive Reverse Shell Returned 50:00 - Finding the root password via /common/containers/bastion-live/Dockerfile 54:50 - PrivEsc via Docker (much like the LXC shown in Calamity) 57:05 - Getting root access to filesystem ==== BOX DONE. 58:10 - Failing to get root shell via Crontab 01:06:20 - Yeah screw crontab, lets just create an ssh key.