HackTheBox - Interface
Рет қаралды 13,770
Күн бұрын00:00 - Introduciton
00:50 - Start of nmap, navigating to the page and identifying the framework based upon 404
02:30 - Playing around looking at javascript source, not getting anything
04:30 - Playing around with prd.m.rengering-api.interface.htb... I'm guessing file not found is the webserver, not actual code.
07:40 - Showing the difficulty of dirbusting API Servers
11:20 - Showing importance of updating FeroxBuster
15:00 - Playing with the HTML2PDF endpoint and discovering we need to send a POST with HTML as an argument
18:20 - The PDF Generated has dompdf 1.2.0 in the exif data searching for exploits
20:40 - Researching how CVE-2022-28368 works, then manually exploiting the vulnerabiltiy
28:50 - The CSS/Font is created, running the exploit and finding where the Font (PHP File) gets uploaded to
34:30 - Reverse shell returned
38:15 - Uploading pspy to examine how the box cleans itself up
40:20 - Discovering and exploiting Bash Arithmetic Injection
@karkantas Жыл бұрын
NEW IPPSEC VIDEO LESSS GOO
@Ms.Robot. Жыл бұрын
I just spent some time learning cipher breaking. Now to watch all of this. Then I'm going to search your videos for lessons on attacking ciphers. Thanks❗❤️
@CyberSixto Жыл бұрын
Nice video IppSec! Love the way how you take us on the journey of cracking a box and learning on the way! Great inspiration!
@jaxson8262 Жыл бұрын
14:47, -X for changing the method to post
@sudoer92 Жыл бұрын
" perfect practice make perfect "👌i can't forget it, Nice Video
@ukaszbudziak2017 Жыл бұрын
❤
@kalidsherefuddin Жыл бұрын
Thanks for everyone
@tntxqx8281 Жыл бұрын
Thank you sir
@trinadadtobago7064 Жыл бұрын
A challenging box for sure
@tudasuda5501 Жыл бұрын
Thnx!
@lool7922 Жыл бұрын
thanks
@JuanBotes Жыл бұрын
Thanks \o/
@Shintowel Жыл бұрын
Your voice similar with Jhon Hammond 😅😅😅
@S2eedGH Жыл бұрын
in 05:25 what is the point of requesting "/etc/passwd" while using POST method ?
@dragonv7 Жыл бұрын
/etc/passwd is a universal file that exists on all Linux systems. It's just a test to see whether the parameter is correct.
@watching7384 Жыл бұрын
@@dragonv7 why not use "GET"
@tg7943 Жыл бұрын
Push!
@sand3epyadav Жыл бұрын
I am working in cyber security compeny, when we see other people then realize you are like a god for me... My heart ippsec
@sotecluxan4221 Жыл бұрын
!!!
@FinderTheIcewing Жыл бұрын
You forgot the -
@McDaniel1 Жыл бұрын
Brothers. I Am glad i didn't do this box.
@yuyu-ce4fz Жыл бұрын
First
@mohamedmagdy6605 Жыл бұрын
Thank you for your effort it really helped me in my career and is this OK to contact you ? I need an e-mail or something
Eater Straw Hat
Рет қаралды 20 МЛН
Cloud-Native Corner
Рет қаралды 1,2 М.