HackTheBox - Browsed
00:00 - Introduction
00:45 - Start of nmap
04:45 - Uploading a zip file to the extension, looking at the output discovering a new subdomain
09:45 - Going to Gitea, looking at source code, see a flask app listening on localhost and a bash script vulnerable to bash arithmetic injection, explaining how it works
13:00 - Trying to create a malicious extension that reaches back to us, using the examples provided on the website as a starting point
18:45 - Creating a Background Worker, and giving it the webrequest permission lets us make a request on startup. Now have it try to trigger the RCE
23:30 -…
Watch on YouTube ↗
(saves to browser)
Chapters (9)
Introduction
0:45
Start of nmap
4:45
Uploading a zip file to the extension, looking at the output discovering a new
9:45
Going to Gitea, looking at source code, see a flask app listening on localhost
13:00
Trying to create a malicious extension that reaches back to us, using the exam
18:45
Creating a Background Worker, and giving it the webrequest permission lets us
23:30
Shell on the box, discover the __pycache__ directory gives everyone read/write
32:50
Using DD to copy the header over top of our pyc file, which will trick python
37:30
Getting Code execution as root
DeepCamp AI