can you hack this screenshot service?? - CSCG 2021
I made a web hacking challenge for the Cyber Security Challenge Germany (cscg) 2021.
Grab the files: https://github.com/LiveOverflow/ctf-screenshotter
Cyber Security Challenge Germany: https://www.cscg.de/
00:00 - Introduction to screenshotter app
00:58 - Setup the challenge
01:38 - First overview of functionality
03:07 - Review application architecture
03:51 - The chrome service
04:19 - The main app service
05:07 - Chrome service IP leak
06:22 - The app secret
06:54 - Methodology: go for complex features
09:22 - The flagger/admin service
11:30 - First attack idea: XSS
11:55 - Reviewing flask templates
13:09 - Useless self-XSS?
13:38 - Bypass demo restriction
15:45 - Using the Chrome SSRF?
17:00 - Leak websites of other users
18:31 - THE EXPLOIT!
22:04 - Outro
-=[ ❤️ Support ]=-
→ Support: https://liveoverflow.com/support
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео can you hack this screenshot service?? - CSCG 2021 канала LiveOverflow
Grab the files: https://github.com/LiveOverflow/ctf-screenshotter
Cyber Security Challenge Germany: https://www.cscg.de/
00:00 - Introduction to screenshotter app
00:58 - Setup the challenge
01:38 - First overview of functionality
03:07 - Review application architecture
03:51 - The chrome service
04:19 - The main app service
05:07 - Chrome service IP leak
06:22 - The app secret
06:54 - Methodology: go for complex features
09:22 - The flagger/admin service
11:30 - First attack idea: XSS
11:55 - Reviewing flask templates
13:09 - Useless self-XSS?
13:38 - Bypass demo restriction
15:45 - Using the Chrome SSRF?
17:00 - Leak websites of other users
18:31 - THE EXPLOIT!
22:04 - Outro
-=[ ❤️ Support ]=-
→ Support: https://liveoverflow.com/support
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео can you hack this screenshot service?? - CSCG 2021 канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
How To Protect Your Linux Server From Hackers!What is a Browser Security Sandbox?! (Learn to Hack Firefox)Crazy Steam Phishing PageHardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100)The Simplest Math Problem No One Can Solve - Collatz ConjectureDissecting Pokemon Red SavegameHacker Culture Meritocracy?DO NOT USE alert(1) for XSSReverse Engineering PopUnder Trick for ChromeSolving Nintendo HireMe!!! with "Basic" MathHow SUDO on Linux was HACKED! // CVE-2021-3156Researching MissingNo Glitch in PokemonClickbait is Unreasonably EffectiveGoogle CTF - Authentication BypassXSS on Google Search - Sanitizing HTML in The Client?What is a File Format?Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020BSIDES CPT 2019 - Hacking satellites with Software Defined Radio (SDR) - Gerard de JongYou Should Learn How to Hack | Ymir Vigfusson | TEDxReykjavik