HackTheBox - Inject

00:00 - Introduction 00:58 - Start of nmap 01:45 - Trying to identify the technology running the webapp, 404 page reveals it is likely tomcat 03:00 - Running Gobuster, then checking out the page 04:00 - Uploading an image and discovering an file disclosure vulnerability 05:15 - Talking about how File Disclosures in Java can reveal directory listings, and grabbing pom.xml 07:45 - Using Snyk to identify vulnerabilities, but first we have to install Maven 10:45 - Exploiting CVE-2022-22963 Manually 11:55 - Playing with the exploit getting a reverse shell by dropping a file on the box (easy), then doing it without touching disk 18:30 - Shell as Frank, finding a password in the .m2/settings.xml file 19:50 - Shell as Phil 22:00 - Using find to show files owned by a group and finding a /opt/automation/tasks directory with ansible stuff 24:10 - Running Pspy to identify ansible is running on a cron job and executing any playbook in the automation directory 26:30 - Creating a playbook that sends us a shell