HackTheBox - Book

Uploaded By: Myvideo

00:00 - Intro
00:34 - Begin of Recon
01:45 - Enumerating the login page
03:05 - Creating an account, identifying what fields are unique
05:00 - Logged into the page, examining functionality starting with the file
07:30 - Playing with the search field
08:00 - Playing with XSS by using img src
13:00 - Examining the user signup more closely
15:25 - Viewing JavaScript on the page to show there is a maximum number of characters in username/email
17:20 - Start of attempting SQL Truncation attack
22:25 - Attempting to log in to /admin/ with our account to see we get in, then redoing everything to explain it
23:20 - Explaining the SQL Truncation Attack
35:40 - Noticing the PDF Generation processes HTML and probably JavaScript
39:00 - Using a JavaScript payload that reads a local file on the box
45:20 - Getting rid of the Base64 Encoding in the payload and reading /etc/passwd
46:18 - Trying (and failing) to grab /proc/self/environ
54:10 - Attempting to grab
