HackTheBox - Headless

Published: 20 July 2024
Channel: IppSec
Views: 18,939
Likes: 503

00:00 - Introduction
01:00 - Start of nmap
01:50 - Examining the cookie, measuring entropy with ent
04:30 - Testing the Contact Support form, putting HTML in the message triggers Hacking Attempt Detected
06:00 - Examining the /dashboard, playing with the cookie to see if we can view it
07:20 - Testing the Hacking Attempt Detected message for XSS
11:00 - Creating an XSS Payload to steal the cookie via fetch
14:40 - Replaying the cookie gets us into the Dashboard, finding command injection in the Generate Report
17:00 - Reverse shell returned
18:10 - Discovering DVIR can run Syscheck which is a bash script with a bash injection vulnerability and getting root
21:30 - Beyond root! Talking about how you can exfil HttpOnly cookies if you find a page that replays the headers
23:50 - Start of creating a JavaScript Payload to fetch a page and send it back to us
36:50 - Script finished, we can now control the user's browser and send the page back to us
39:15 - Changing the JavaScript payload to perform the injection on Generate Report for us so we get RCE on the webserver via XSS

