0:00 - Introduction
01:00 - Start of nmap
03:20 - Discovering Metabase and noticing the HTTP headers are different. Checking the TTL to see whether it decrements relative to the main web page (a hint that Metabase is running in a container or on another host)
07:00 - Searching for a Metabase exploit, then enumerating the version
09:30 - Manually exploiting Metabase: pulling the setup-token, then getting injection on the /setup/validate endpoint through the JDBC driver connection string
15:50 - Reverse shell returned
18:30 - Discovering credentials in the environment variables, then SSHing into the box
20:12 - Googling the kernel version to discover it is vulnerable to GameOver(lay)
24:00 - Explaining the GameOver(lay) exploit (CVE-2023-2640, CVE-2023-32629)
25:50 - Stepping through the exploit manually to understand how OverlayFS works and what the exploit did to abuse it
28:10 - Looking into the permissions (file capabilities) of the binaries that were created