April 1, 2023, 3:26 p.m. | IppSec

IppSec www.youtube.com

00:00 - Intro
01:11 - Start of nmap
04:00 - Running ffuf to discover the portal virtual host
06:40 - Logging in with admin:admin and discovering a new cookie
09:15 - Looking at the Node-Serialize exploit
10:20 - Attempting to do the exploit and discovering ModSecurity blocks us, then putting some Unicode in the payload to evade it
16:20 - Whoops, forgot to end the payload with (), so that's why we didn't get our shell
17:11 - EDIT Looking …
