00:00 - Intro
00:45 - Running nmap
01:20 - Using Firefox Developer Tools to inspect the page and see it's a Python webserver
04:50 - Fuzzing parameters with ffuf to see if anything sticks out
05:40 - Ffuf isn't giving the expected output, let's send the request to BurpSuite to find out we are missing an HTTP header
08:20 - Adding the Content-Type header to ffuf and finally fuzzing special characters
16:00 - There is an MSFVenom CVE and it looks like the webpage uses MSFVenom
17:20 - Editing the MSFVenom exploit to place a reverse shell but the exploit keeps failing
21:30 - Using curl to test the RCE
22:20 - Validated we have RCE, building out a web cradle with our curl to execute code
24:20 - Reverse shell returned as kid user
24:45 - Looking at the web application and discovering a logs directory
25:40 - Using stty to fix up our reverse shell so vim/nano works
28:00 - Running GoSPY to examine processes on the box
28:50 - Ha. GoSpy found the MSFVenom RCE
31:20 - Examining the scanlosers.sh script to find an RCE
35:15 - Having trouble exploiting scanlosers, taking a deeper look at the script
37:00 - Reverse shell as pwn returned
37:50 - pwn can run metasploit with sudo, executing commands by just specifying a binary in MSF
38:50 - Showing the IRB console within metasploit which would give us another way to execute commands
39:45 - Taking a look at the MSFVenom exploit