HackTheBox - Jarvis
01:00 - Beginning of Recon
02:30 - Running Gobuster and examining the web page
05:10 - Room.php is the only page that accepts user input, basic testing for SQL Injection
05:40 - Using wfuzz to fuzz for special characters then getting our IP Banned :(
10:00 - Unbanned, running wfuzz again and examining unique responses
13:00 - Showing several ways to test for SQL Injection (subtraction and hex())
16:30 - Examining the MySQL Query Structure
17:30 - Explaining Union Injection
21:15 - Nested queries with union statements
23:20 - Extracting information out of Information_Schema to databases, tables, columns
24:08 - Using LIMIT to ensure only one row is returned
25:25 - Using GROUP_CONCAT to allow us to return multiple rows within union
32:20 - Extracting MySQL users/passwords then cracking MySQL (mode 300)
35:10 - Another way to get the password, LOAD_FILE() to view PHP Source Code
42:30 - PHPMyAdmin 4.8.0 RCE (LFI + Tainted PHP Cookie)
57:40 - Dropping a shell via the PHPMyAdmin exploit
59:30 - ALTERNATE Way to get Shell: Dropping a file from the SQL Injection
01:03:52 - Examining the PHP Cookie to see what happened with the PHPMyAdmin stuff
01:05:45 - Examining the Python Script we can execute as pepper with sudo
01:10:40 - We can execute code with $() but there are bad characters, so drop a bash script to disk
01:15:00 - Running find to look for setuid binaries, discover systemctl then check GTFOBins
01:21:15 - Copying our Systemctl Scripts out of /tmp then creating our malicious service
Video: HackTheBox - Jarvis, from the IppSec channel