L33t hacks In Minecraft | The BEST Hack the Box Crafty Walkthrough
Vložit
- čas přidán 6. 09. 2024
- Crafty was an easy windows box that while really cool in concept, I think personally was not the best in execution. It centers around exploiting a Minecraft server with log4j.
The user step starts by enumerating a website dedicated to what seems like some kind of a custom Minecraft server. From the port scan we can also see a Minecraft server as an open port. Next is downloading a client to interact with the Minecraft server. The attacker can either use a normal Minecraft version or find a CLI version online. The third step is where the box had its largest problems that people were not happy with, exploiting log4j. There are POC's available for exploiting it that make the process very simple, however they tend to crash the Minecraft server, making the box very unstable in multiplayer environments. This log4j exploit can be used to to obtain a shell on the box and complete the user stage.
The privilege escalation was also kind of tricky. Searching around the box the attacker comes across a plugin directory with a jar archive. Bringing this back to the attacking machine and de-compiling it reveals a password for the admin user. This can then be used with RunasCs to create a reverse shell executable, upload it to the victim machine, and run it as the admin user. All put together this results in a reverse shell as Administrator and completes the machine.
Please zoom on Terminal Screen or Increase the font size. It will be helpful.
sorry, this was recorded months ago and the quality is honestly not very good, the screen is dark and blurry, many other things I need to fix for the next one.
I will take your feedback in mind and increase font sizes for sure :)
still learning video production!