HackTheBox - Teacher

00:40 - Begin of recon
02:00 - Poking around at the website to identify what technologies it utilizes
02:30 - Discovering something odd about
03:25 - Downloading 5.png to discover it is a text file with a portion of a password
06:00 - Finding a place to login (/moodle), attempt to enumerate valid usernames
08:00 - Using wfuzz to bruteforce the password
11:20 - Looking for a way to enumerate Moodle Versions
13:20 - Searching for exploits for this version and finding "Bad Teacher"
14:40 - Start of manually exploiting this vulnerability
16:00 - Adding a "Calculated Question" which has the formula (vulnerable) parameter
20:16 - Finding artifacts of creating/testing the machine which spoils what we are supposed to do
24:21 - Fixing our formula to allow for code execution
28:30 - Getting a reverse shell
30:00 - Looking around the MySQL Database to discover hashes of other users
31:52 - The account Giovannibak stands out due to the hash being