HackTheBox - EarlyAccess

Name: HackTheBox - EarlyAccess
Uploaded: 2022-02-12T15:08:36Z
Channel: IppSec
Description: 00:00 - Intro 01:05 - Start of nmap, adding earlyaccess.htb to the hostfile 05:20 - Registering an account to see what features are enabled to regular u...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro 01:05 - Start of nmap, adding earlyaccess.htb to the hostfile 05:20 - Registering an account to see what features are enabled to regular users 06:20 - Discovering bad characters of username are only checked upon registration, not changing it from the profile page 11:50 - Testing the Contact Forms for XSS by sending a message to ourself 12:10 - Using document.location javascript to steal cookies 17:05 - Taking the administrators cookie and discovering some new hosts/functionality/key validation script 20:07 - Going over the key validaiton script 23:55 - Breaking the first part of …

Watch on YouTube ↗ (saves to browser)

Chapters (25)

Intro

1:05 Start of nmap, adding earlyaccess.htb to the hostfile

5:20 Registering an account to see what features are enabled to regular users

6:20 Discovering bad characters of username are only checked upon registration, not

11:50 Testing the Contact Forms for XSS by sending a message to ourself

12:10 Using document.location javascript to steal cookies

17:05 Taking the administrators cookie and discovering some new hosts/functionality/

20:07 Going over the key validaiton script

23:55 Breaking the first part of the Key which is a simple Bit Shift and XOR to get

30:05 Breaking the second part of the key which calculating every permutation of whe

34:20 Showing the lazy way to do the second part, since we never actually need to kn

36:15 Breaking the third part of the key, which has a rotating magic. Discovering th

38:50 Coding the third part to display valid keys for all 60 combinations

43:30 Breaking G4, which is just a simple XOR

47:00 Talking about how the CheckSum works and how it is similair to the Luhn Check

48:50 Putting everything togather and building a key generator to give us 60 keys

58:50 Allowing our script to attempt to register keys on our behalf

1:11:30 Debugging issues in our script

1:18:40 The issue of our script, we copied the checksum incorrectly

1:22:50 Logging in to play the game and talking about forging scores

1:24:20 Playing with Second Order SQL Injection with our username and scoreboard

1:26:08 Extracting table information from information_schema with our union sql inject

1:31:50 Extracting hashes from the database than cracking to get the administrators pa

1:36:10 Logging into developer admin panel

1:39:00 Fuzzing file.php to discover hidden parameters to find filepath which can be u

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →