00:00 - Introduction
00:50 - Start of nmap
02:00 - Discovering the page is Laravel based upon cookies
05:30 - Discovering the SQL Injection in Reset Password, then running SQLMap screwing up our results because we logged out in middle of SQLMap
18:50 - Cracking the user out of admin_users
20:00 - Logging into admin.usage.htb and discovering a vulnerable Laravel Admin, which is vulnerable to PHP File Upload in the avatar
24:10 - Shell returned on the box
28:30 - Discovering we can run 7z with sudo and the Wildcard Spare Trick will let us read files
Support the originator by clicking the read the rest link below.
