Intro
Start of nmap and poking at website. Browser Developer Window shows WebSockets + Hostname
Setting up full portscan and gobuster while we poke at the box, to always have recon running
Using ffuf to fuzz for emails (Forgot to set header here, we look at it later)
Creating a python program to aid our SQL Injection
SQL Injection: Enumerating information_schema to pull out table information
Going back to test our previous ffuf to find out I forgot the header flag
Enumerating our SQL user's permissions and then including files
RelayD configuration shows a new domain crossfit-club.htb, failing to sign up with an account
Using grep to extract /api/ endpoints from JavaScript files
Discover the signup endpoint, only administrators can create accounts.
Creating a domain name with unbound and then editing the Host header in the password reset
Explaining the DNS Rebind attack to get around the server examining our DNS Name
Start of XSS to have the user register an account for us
Changing our unbound request to use a domain name that bypasses CORS
Appending a slash to the host header to bypass a regex
The final XSS Payload to have an administrator create an account for us. Checking out the chat application
Start of creating XSS to steal Direct Messages from chat application
Finishing off the XSS Script to steal DMs by hooking private_recv
Using find to show files owned by a group
Examining the Statbot NodeJS Script, then exploiting a library injection vulnerability
Going over why I hate reversing BSD Binaries, comparing Ghidra and Cutter decompiler output
Viewing backups on BSD and discovering root's ssh key is being backed up to /var, so the log binary can read it!
SSH is still asking for a password after using SSH Key, confirming it accepted our key, then viewing sshd/login config on BSD to see what it's asking for
Using YKPARSE to examine our key, then change the session and generate a valid MFA
Introduction - SSH key pair basics
Check your keys are a match
Make sure SSH config is using our key
Attempt SSH connection with verbose output
Accessing server to check public key from another computer
Accessing server via a password
Accessing server via server provider console
Check public key in ~/.ssh/authorized_keys
Confirming we can now SSH in
Recap