HackTheBox - SecNotes
01:05 - Begin of recon 02:45 - Checking out the website 03:50 - Using wfuzz to enumerate usernames 05:45 - Logging in with an account we created 07:23 - Checking out Change Password and noticing it does this poorly 09:25 - Using the contact form, to see if tyler will follow links 14:14 - Changing Tyler's password by sending him to the ChangePassword Page 15:00 - Logged in and find SMB Share with credentials. 16:15 - Found a webshare but not sure the directory it executes from. Begin hunting for a different webserver. 17:48 - Port 8808 found via nmap'ing all ports. Creating a php script to gain code execution 19:15 - Downloading netcat for windows to use as a Reverse Shell 21:14 - Playing with Bash on Windows 22:35 - Finding the administrator password in ~/.bash_history -- Box done 23:45 - Alternate way to find the .bash_history file 25:36 - Unintended way to bypass the CSRF. SQL Injection + bad Static Code analysis In the Holiday video, I do a bit more that may be helpful with card type attacks : • HackTheBox - Holiday

HackTheBox - Silo

HackTheBox - Tartarsauce

HackTheBox - Escape

Deep House Mix 2026 | Emotional Night Drive, Vocal House, Nu Disco | Chill Mood

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

Heidi Reichinnek spricht Merz direkt an - und dann passiert DAS...

HackTheBox - Remote

HackTheBox - Active

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

HackTheBox - Monteverde

How The Dark Web Actually Works | How Crime Works | Insider

HackTheBox - Blackfield

HackTheBox - Sniper

The Biggest Hacking Mystery of Our Time: Shadow Brokers

Alice Weidel furious! 😳 Our parliamentary group leader tears into Merz! - AfD Parliamentary Group

The World's Most Important Machine

DEF CON 32 - From getting JTAG on the iPhone 15 to hacking Apple's USB-C Controller - Stacksmashing

HackTheBox - Bounty

HackTheBox - Magic

