
HackTheBox - Book

00:00 - Intro
00:34 - Begin of Recon
01:45 - Enumerating the login page
03:05 - Creating an account, identifying what fields are unique
05:00 - Logged into the page, examining functionality starting with the download.php file
07:30 - Playing with the search field
08:00 - Playing with XSS by using img src
13:00 - Examining the user signup more closely
15:25 - Viewing the JavaScript on the page to show there is a maximum number of characters in username/email
17:20 - Start of attempting SQL Truncation attack
22:25 - Attempting to log in to /admin/ with our account to see that we get in, then redoing everything to explain it
23:20 - Explaining the SQL Truncation Attack
35:40 - Noticing the PDF Generation processes HTML and probably JavaScript
39:00 - Using a JavaScript payload that reads a local file on the box
45:20 - Getting rid of the Base64 Encoding in the payload and reading /etc/passwd
46:18 - Trying (and failing) to grab /proc/self/environ
54:10 - Attempting to grab an SSH Key for the Reader User
56:00 - SSH Key is poorly formatted. Using pdf2text to see if formatting is better
57:30 - PDF2Text didn't work, let's try PDF2HTML, which does a great job
59:45 - Revisiting the Base64 Payload to see if PDF2HTML grabs all the Base64 (it does)
1:02:15 - Running LinPEAS to see we may be able to exploit logrotate
1:06:10 - Poorly explaining how logrotten works
1:12:30 - Performing the Logrotten exploit to get a reverse shell
1:18:15 - Finally keeping the reverse shell alive
1:20:25 - Examining how the SQL Truncation vulnerability came to be by looking at the PHP source code and then the SQL table schema
1:27:30 - Showing how it determines the admin user and uses trim(), which is why our attack works
1:29:40 - Examining the PHP Sessions
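The SQL truncation flaw the video analyses at 23:20 and 1:20:25 comes down to three things: a uniqueness check that runs on the full untruncated input, a VARCHAR column that silently cuts the value down to its declared width on INSERT, and a login lookup that compares trim()'d values. The following is an added example, not code from the video or the box; it simulates that table in plain Python (the column width MAX_LEN, the e-mail address and the function names are assumed) and puts the vulnerable signup check beside a hardened one.

```python
# Added example: simulating the SQL truncation flaw and its fix.
# MAX_LEN stands in for the declared VARCHAR width of the email column
# (assumed value; the real schema is shown in the video).
MAX_LEN = 20


class FakeUsersTable:
    """Stand-in for a MySQL table in non-strict mode: INSERT truncates to MAX_LEN."""

    def __init__(self):
        self.rows = []  # list of (email, password) tuples

    def insert(self, email, password):
        # Non-strict MySQL silently truncates over-length VARCHAR values.
        self.rows.append((email[:MAX_LEN], password))

    def exists(self, email):
        # Exact comparison against the stored value, as the signup check does.
        return any(r[0] == email for r in self.rows)

    def find_by_email_trimmed(self, email):
        # Mirrors a lookup that compares trim()'d values, as the video describes.
        return [r for r in self.rows if r[0].strip() == email.strip()]


def vulnerable_signup(db, email, password):
    # Uniqueness is checked on the untruncated input, so a padded value passes
    # and is then cut back down to the existing address when stored.
    if db.exists(email):
        return False
    db.insert(email, password)
    return True


def hardened_signup(db, email, password):
    # Reject over-length or space-padded input before touching the database.
    # In MySQL, STRICT_TRANS_TABLES makes the INSERT fail instead of truncating,
    # and a UNIQUE index on the column rejects the duplicate row outright.
    if len(email) > MAX_LEN or email != email.strip():
        return False
    if db.exists(email):
        return False
    db.insert(email, password)
    return True


def login(db, email, password):
    return any(r[1] == password for r in db.find_by_email_trimmed(email))


def demo(signup):
    """Returns (second row created?, login as admin with the new password works?)."""
    db = FakeUsersTable()
    db.insert("admin@example.com", "real-admin-pw")  # constructed existing admin row
    padded = "admin@example.com" + " " * (MAX_LEN - len("admin@example.com")) + "x"
    created = signup(db, padded, "attacker-pw")
    return created, login(db, "admin@example.com", "attacker-pw")
```

`demo(vulnerable_signup)` returns `(True, True)`: the padded address is stored truncated to the existing one and the trimmed lookup matches both rows, while `demo(hardened_signup)` returns `(False, False)`.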

HackTheBox - Book video from the IppSec channel
Video information
11 July 2020, 20:00:07
01:33:24