HackTheBox - Cypher

Name: HackTheBox - Cypher
Uploaded: 2025-07-26T15:10:07Z
Channel: IppSec
Description: 00:00 - Introduction 00:40 - Start of nmap 03:40 - Sending a single quote in login and causing an error that has a stack trace tied to it, can see the c...

IppSec · Beginner ·🔐 Cybersecurity ·8mo ago

00:00 - Introduction 00:40 - Start of nmap 03:40 - Sending a single quote in login and causing an error that has a stack trace tied to it, can see the cypher query it is running 06:50 - Forcing the Cypher Query to return true creating an authentication bypass in cypher queries 08:05 - Also showing we can exfiltrate data through out of band injection with LOAD CSV in cypher queries 10:20 - Playing around with the neo4j database by running cypher queries 13:00 - Discovering a custom function getUrlStatusCode, finding the java source code and finding an RCE via command injection 18:00 - Getting a…

Watch on YouTube ↗ (saves to browser)

Chapters (11)

Introduction

0:40 Start of nmap

3:40 Sending a single quote in login and causing an error that has a stack trace ti

6:50 Forcing the Cypher Query to return true creating an authentication bypass in c

8:05 Also showing we can exfiltrate data through out of band injection with LOAD CS

10:20 Playing around with the neo4j database by running cypher queries

13:00 Discovering a custom function getUrlStatusCode, finding the java source code a

18:00 Getting a shell on the box by exploiting the custom function, finding a neo4j

20:00 Also showing the /api/cypher endpoint didn't require authentication

24:30 Finding out GraphASM can run bbot with sudo, showing we can leak partial files

28:00 Getting RCE by creating a malicious config that lets us load a custom bbot mod

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →