HackTheBox - FormulaX

Name: HackTheBox - FormulaX
Uploaded: 2024-08-17T15:07:18Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 04:30 - Examining the Change Password functionality 06:20 - Discovering XSS In the Contact Form 11:15 - Build...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap 04:30 - Examining the Change Password functionality 06:20 - Discovering XSS In the Contact Form 11:15 - Building an XSS Cradle that manipulates the DOM to load an external JS file 18:35 - Creating an XSS that will send interact with the webchat and exfil messages back to us 26:30 - Discovering a new subdomain from the Online Chat 30:15 - Showing why we could not use Script SRC with our XSS Attack and why we used the DOM Technique 37:34 - Looking at the Git Auto Report Generating and discovering it uses simple-git v3.14 which has an RCE Vulnerability 4…

Watch on YouTube ↗ (saves to browser)

Chapters (16)

Introduction

1:00 Start of nmap

4:30 Examining the Change Password functionality

6:20 Discovering XSS In the Contact Form

11:15 Building an XSS Cradle that manipulates the DOM to load an external JS file

18:35 Creating an XSS that will send interact with the webchat and exfil messages ba

26:30 Discovering a new subdomain from the Online Chat

30:15 Showing why we could not use Script SRC with our XSS Attack and why we used th

37:34 Looking at the Git Auto Report Generating and discovering it uses simple-git v

44:40 Shell on the box, dumping the mongo database

52:00 Shell as Frank_Dorky

52:30 Looking at the services running on the box to enumerate what each port is

55:30 Showing bad permissions on the LibreNMS Directory which allows us to read and

59:30 Using the Templates in LibreNMS to get code execution

1:04:00 Showing the intended way to exploit LibreNMS which is using a malicious SNMP T

1:17:30 Exploiting the OpenOffice network port

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →