HackTheBox - Book
00:00 - Intro
00:34 - Begin of Recon
01:45 - Enumerating the login page
03:05 - Creating an account, identifying what fields are unique
05:00 - Logged into the page, examining functionality starting with the download.php file
07:30 - Playing with the search field
08:00 - Playing with XSS by using img src
13:00 - Examining the user signup more closely
15:25 - Viewing JavaScript on the page to show there is a maximum number of characters in username/email
17:20 - Start of attempting SQL Truncation attack
22:25 - Attempting to login to /admin/ with our account to see we get in, then redoing everything to explain it.
23:20 - Explaining the SQL Truncation Attack
35:40 - Noticing the PDF Generation processes HTML and probably JavaScript
39:00 - Using a JavaScript payload that reads a local file on the box
45:20 - Getting rid of the Base64 Encoding in the payload and reading /etc/passwd
46:18 - Trying (and failing) to grab /proc/self/environ
54:10 - Attempting to grab an SSH Key for the Reader User
56:00 - SSH Key is poorly formatted. Using pdf2text to see if formatting is better
57:30 - PDF2Text didn't work, let's try PDF2HTML which does a great job
59:45 - Revisiting the Base64 Payload to see if PDF2HTML grabs all the Base64 (it does)
1:02:15 - Running LINPEAS to see we may be able to exploit log rotate
1:06:10 - Poorly explaining how logrotten works
1:12:30 - Performing the Logrotten exploit to get a reverse shell
1:18:15 - Finally keeping the reverse shell alive
1:20:25 - Examining how the SQL Truncation vulnerability came to be by looking at the PHP Source Code and then SQL Table Schema
1:27:30 - Showing how it determines the admin user and uses trim() which is why our attack works
1:29:40 - Examining the PHP Sessions
Video: HackTheBox - Book, from the IppSec channel