HackTheBox - Perfection
00:00 - Introduction
00:50 - Start of nmap
02:50 - Discovering the Weighted Grade Calculator which we will exploit
04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols
07:10 - Quick bash one-liner with JQ to URL encode each line of our wordlist
09:30 - Discovering a New Line character breaks the search for Bad Characters, then getting a shell on the box
14:40 - Shell returned, looking at the source code and seeing the "Bad Character" filter was really a regex whitelist
18:50 - Discovering mail that says the password format in the database
21:50 - Using hashcat Bruteforce mode to crack the password
Video "HackTheBox - Perfection" from the IppSec channel