HackTheBox - Interface

Name: HackTheBox - Interface
Uploaded: 2023-05-13T14:52:05Z
Channel: IppSec
Description: 00:00 - Introduciton 00:50 - Start of nmap, navigating to the page and identifying the framework based upon 404 02:30 - Playing around looking at javasc...

IppSec · Beginner ·📄 Research Papers Explained ·2y ago

00:00 - Introduciton 00:50 - Start of nmap, navigating to the page and identifying the framework based upon 404 02:30 - Playing around looking at javascript source, not getting anything 04:30 - Playing around with prd.m.rengering-api.interface.htb... I'm guessing file not found is the webserver, not actual code. 07:40 - Showing the difficulty of dirbusting API Servers 11:20 - Showing importance of updating FeroxBuster 15:00 - Playing with the HTML2PDF endpoint and discovering we need to send a POST with HTML as an argument 18:20 - The PDF Generated has dompdf 1.2.0 in the exif data searching f…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduciton

0:50 Start of nmap, navigating to the page and identifying the framework based upon

2:30 Playing around looking at javascript source, not getting anything

4:30 Playing around with prd.m.rengering-api.interface.htb... I'm guessing file not

7:40 Showing the difficulty of dirbusting API Servers

11:20 Showing importance of updating FeroxBuster

15:00 Playing with the HTML2PDF endpoint and discovering we need to send a POST with

18:20 The PDF Generated has dompdf 1.2.0 in the exif data searching for exploits

20:40 Researching how CVE-2022-28368 works, then manually exploiting the vulnerabilt

28:50 The CSS/Font is created, running the exploit and finding where the Font (PHP F

34:30 Reverse shell returned

38:15 Uploading pspy to examine how the box cleans itself up

40:20 Discovering and exploiting Bash Arithmetic Injection

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →