HackTheBox - Headless

Published: 20 July 2024
on channel: IppSec
Views: 18,939
Likes: 503

00:00 - Introduction
01:00 - Start of nmap
01:50 - Examining the cookie, measuring entropy with ent
04:30 - Testing the Contact Support form, putting HTML in the message triggers Hacking Attempt Detected
06:00 - Examining the /dashboard, playing with the cookie to see if we can view it
07:20 - Testing the Hacking Attempt Detected message for XSS
11:00 - Creating an XSS Payload to steal the cookie via fetch
14:40 - Replaying the cookie gets us into the Dashboard, finding command injection in the Generate Report
17:00 - Reverse shell returned
18:10 - Discovering DVIR can run Syscheck, which is a bash script with a bash injection vulnerability, and getting root
21:30 - Beyond root! Talking about how you can exfil HttpOnly cookies if you find a page that replays the headers
23:50 - Start of creating a JavaScript payload to fetch a page and send it back to us
36:50 - Script finished, we can now control the user's browser and send the page back to us
39:15 - Changing the JavaScript payload to perform the injection on Generate Report for us so we get RCE on the webserver via XSS

