can you hack this screenshot service?? - CSCG 2021
I made a web hacking challenge for the Cyber Security Challenge Germany (cscg) 2021.
Grab the files: https://github.com/LiveOverflow/ctf-screenshotter
Cyber Security Challenge Germany: https://www.cscg.de/
00:00 - Introduction to screenshotter app
00:58 - Setup the challenge
01:38 - First overview of functionality
03:07 - Review application architecture
03:51 - The chrome service
04:19 - The main app service
05:07 - Chrome service IP leak
06:22 - The app secret
06:54 - Methodology: go for complex features
09:22 - The flagger/admin service
11:30 - First attack idea: XSS
11:55 - Reviewing flask templates
13:09 - Useless self-XSS?
13:38 - Bypass demo restriction
15:45 - Using the Chrome SSRF?
17:00 - Leak websites of other users
18:31 - THE EXPLOIT!
22:04 - Outro
-=[ ❤️ Support ]=-
→ Support: https://liveoverflow.com/support
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео can you hack this screenshot service?? - CSCG 2021 канала LiveOverflow
Grab the files: https://github.com/LiveOverflow/ctf-screenshotter
Cyber Security Challenge Germany: https://www.cscg.de/
00:00 - Introduction to screenshotter app
00:58 - Setup the challenge
01:38 - First overview of functionality
03:07 - Review application architecture
03:51 - The chrome service
04:19 - The main app service
05:07 - Chrome service IP leak
06:22 - The app secret
06:54 - Methodology: go for complex features
09:22 - The flagger/admin service
11:30 - First attack idea: XSS
11:55 - Reviewing flask templates
13:09 - Useless self-XSS?
13:38 - Bypass demo restriction
15:45 - Using the Chrome SSRF?
17:00 - Leak websites of other users
18:31 - THE EXPLOIT!
22:04 - Outro
-=[ ❤️ Support ]=-
→ Support: https://liveoverflow.com/support
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео can you hack this screenshot service?? - CSCG 2021 канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
How To Protect Your Linux Server From Hackers!
What is a Browser Security Sandbox?! (Learn to Hack Firefox)
Crazy Steam Phishing Page
Hardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100)
The Simplest Math Problem No One Can Solve - Collatz Conjecture
Dissecting Pokemon Red Savegame
Hacker Culture Meritocracy?
DO NOT USE alert(1) for XSS
Reverse Engineering PopUnder Trick for Chrome
Solving Nintendo HireMe!!! with "Basic" Math
How SUDO on Linux was HACKED! // CVE-2021-3156
Researching MissingNo Glitch in Pokemon
Clickbait is Unreasonably Effective
Google CTF - Authentication Bypass
XSS on Google Search - Sanitizing HTML in The Client?
What is a File Format?
Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020
BSIDES CPT 2019 - Hacking satellites with Software Defined Radio (SDR) - Gerard de Jong
You Should Learn How to Hack | Ymir Vigfusson | TEDxReykjavik