HackTheBox - Codify

14.7K views
Apr 6, 2024
35:00

00:00 - Introduction
01:00 - Start of nmap
02:50 - Playing with the JavaScript Editor, discovering filesystem calls are blocked
04:45 - Discovering the sandbox is vm2, going to github discovering it is discontinued with known security issues
06:30 - Getting code execution, then a reverse shell
09:50 - Discovering a second website with a database, cracking hashes in the database
12:50 - Discovering Joshua can run a bash script with sudo
15:00 - Looking at the Bash Common Pitfall guide which shows the error in the if/then logic in the bash script
15:55 - Explaining why the bash if/then is exploitable when user input is on the right side and unquoted
18:30 - Bypassing authentication in the script with a *, then looking at processes and seeing mysql censored the password on ps
20:50 - Running pspy which will grab the cmdline arguments before mysql has a chance to rewrite argv
21:50 - Showing HIDEPIDS in /etc/fstab to hide processes of other users
24:30 - Writing a program that can spoof argv on linux
26:30 - Showing how we grab the memory location of argv
27:30 - Looping over each argument, so we could overwrite a specific one if we wanted to
29:15 - Showing our process run with a blank process
33:30 - Making our program ps output blend in more
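
The 15:55 and 18:30 chapters concern a bash comparison whose unquoted right-hand side lets a * pass the check. As an added example (not code from the video or from the box), the script below puts that pitfall beside the quoted fix and adds a grep-based review check; the secret, function names and sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example with constructed values; not the script shown in the video.
# [[ ]] is bash syntax: re-run under bash if started by another sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

SECRET='correct-horse-42'   # constructed stand-in for the stored password

# Pitfall: an unquoted right-hand side of == is treated as a glob PATTERN.
check_unquoted() {
    local input=$1
    [[ $SECRET == $input ]]
}

# Fix: quoting the right-hand side forces a literal string comparison.
check_quoted() {
    local input=$1
    [[ $SECRET == "$input" ]]
}

# Print accept/reject for one input under both comparisons.
compare() {
    local input=$1 u=reject q=reject
    check_unquoted "$input" && u=accept
    check_quoted "$input" && q=accept
    printf '%-18s unquoted=%s quoted=%s\n' "$input" "$u" "$q"
}

# Review aid: list lines where [[ ... ==, = or != ]] is followed by an
# unquoted $var or ${var}. Reads the named files, or stdin if none given.
find_unquoted_rhs() {
    grep -nE '\[\[[^]]*[!=]=?[[:space:]]*\$\{?[A-Za-z_]' "$@"
}

compare 'correct-horse-42'   # right password: both accept
compare 'wrong'              # wrong literal: both reject
compare '*'                  # glob: only the unquoted form accepts
```

ShellCheck reports the same unquoted right-hand side as SC2053.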
