HackTheBox - Perfection
00:00 - Introduction
00:50 - Start of nmap
02:50 - Discovering the Weighted Grade Calculator which we will exploit
04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols
07:10 - Quick bash one liner with JQ to URL Encode each line of our wordlist
09:30 - Discovering a New Line character breaks the search for Bad Characters, then getting a shell on the box
14:40 - Shell returned, looking at the source code and seeing the "Bad Character" filter was really a regex whitelist
18:50 - Discovering mail that says the password format in the database
21:50 - Using hashcat Bruteforce mode to crack the password
Видео HackTheBox - Perfection канала IppSec
00:50 - Start of nmap
02:50 - Discovering the Weighted Grade Calculator which we will exploit
04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols
07:10 - Quick bash one liner with JQ to URL Encode each line of our wordlist
09:30 - Discovering a New Line character breaks the search for Bad Characters, then getting a shell on the box
14:40 - Shell returned, looking at the source code and seeing the "Bad Character" filter was really a regex whitelist
18:50 - Discovering mail that says the password format in the database
21:50 - Using hashcat Bruteforce mode to crack the password
Видео HackTheBox - Perfection канала IppSec
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
HackTheBox - Flujab
HHC2016 - Analytics
HackTheBox - Agile
HHC2016 - Getting Coins
HackTheBox - EvilCUPS
HackTheBox - Intuition
HackTheBox - Stratosphere
HHC2016 - Ads
HackTheBox - Snoopy
HackTheBox - Usage
HHC2016 - Terminal Speedrun
HHC2016 - Exception
HackTheBox - OnlyForYou
Looking into the Looney Tunable Linux Privesc CVE-2023-4911
HackTheBox - Chaos
HackTheBox - Travel
HackTheBox - Developer
UHC - Validation
HackTheBox - Health
DIY C2 - Malleable Agent Config
HackTheBox - Keeper