Gaining Admin HackTheBox’s Buff Machine Exploiting Unauthenticated File Upload Remote Code Execution

 In this video, I’ll take you step-by-step through my journey to becoming an admin on HackTheBox’s Buff machine. Using tools like Netcat, LazyOwn RedTeam framework, and MSFvenom, I exploited an unauthenticated file upload vulnerability in the Gym Management System 1.0, gaining remote code execution (RCE). After replacing the shellcode with one generated using MSFvenom, I executed the script, sending my payload to the service running on port 8888. Watch as I use these powerful tools to execute a successful attack and elevate my privileges to admin on this easy Windows box!

https://youtu.be/M6jZ9znNdyA #HackTheBox #BuffMachine #Cybersecurity #EthicalHacking #PenetrationTesting #RemoteCodeExecution #RCE #FileUploadVulnerability #MSFvenom #Netcat #LazyWuan #RedTeamFramework #WindowsHacking #PrivilegeEscalation 00:00 - Introduction 03:00 - Initial Enumeration 08:00 - Exploring Gym Management System 12:00 - File Upload Vulnerability Discovery 18:00 - Crafting and Uploading the Malicious Payload 23:00 - Gaining Remote Code Execution 28:00 - Setting Up Reverse Shell with Netcat 33:00 - Lateral Movement to CloudMe Service 38:00 - CloudMe Exploit Analysis 45:00 - Using Chisel for Port Forwarding 50:00 - Generating Shellcode with MSFvenom 55:00 - Exploiting CloudMe to Gain Administrator Privileges 01:05:00 - Conclusion and Final Thoughts [⚠] Starting 👽 LazyOwn RedTeam Framew0rk ☠ [;,;] Autor: grisUN0 [wlp2s0] 192.168.1.94 [tun0] 10.10.14.2 [+] Updated prompt with rhost: 10.10.10.198 and current directory. [👽] [*] Welcome to the LazyOwn Framework [;,;] vvvrelease/0.2.5 [*] interactive sHell! Type ? to list commands [!] Please do not use in military or secret service organizations, [!] or for illegal purposes (this is non-binding, [!] these *** ignore laws and ethics anyway) [+] Github: https://github.com/grisuno/LazyOwn [+] Web: https://grisuno.github.io/LazyOwn/ [+] Reddit: https://www.reddit.com/r/LazyOwn/ [+] Facebook: https://web.facebook.com/profile.php?id=61560596232150 [+] HackTheBox: https://app.hackthebox.com/teams/overview/6429 [+] Grisun0: https://app.hackthebox.com/users/1998024 [+] Patreon: https://patreon.com/LazyOwn [↙] Download: https://github.com/grisuno/LazyOwn/archive/refs/tags/vvvrelease/0.2.5.tar.gz