HackTheBox - Reddish

00:55 - Begin of Recon (Port Scans) 04:09 - Reverse Image Searching an favicon to get application used 08:20 - NODE-RED: Reverse Shell Returned 15:30 - NODE-RED: Running IP and Port Scans to identify lateral movement targets 24:29 - Downloading Chisel (Go Program for Tunnels). 25:00 - Shrinking Go Programs by using ldflags and upx packing from 10Mb to 3Mb! 27:00 - PowerPoint: Explaining Reverse Pivot Tunnel using Chisel 31:25 - WWW: Tunnel online, examining the website 34:23 - Full Port Scan to 172.19.0.2, discover REDIS 36:30 - Searching for ways to execute code against REDIS 38:07 - Using REDIS to create a PHP Shell 41:06 - PowerPoint: Explaining Local Pivot Tunnel using Chisel 44:30 - WWW: Reverse Shell Returned 45:45 - Notice wildcard used with RSYNC, go search GTFOBins 51:32 - Abusing the wildcard within RSYNC 57:23 - WWW: Got Root, but no flag... Lets go look at RSYNC again. 01:00:15 - Explaining how to tunnel from Backup - WWW - NODE-RED - Kali 01:17:50 - Getting reverse shell on BACKUP via uploading CronJob through rsync 01:20:30 - BACKUP: Reverse Shell Returned... No root.txt here either!? 01:26:30 - BACKUP: Noticing this is has /dev/sda*, where other dockers do not 01:28:15 - BACKUP: Dropping a cronjob on root disk to get shell on the host 01:30:45 - ExtraContent: PowerPoint Reverse SOCKS5 Proxy with Chisel