HackTheBox - Meta

Name: HackTheBox - Meta
Uploaded: 2022-06-11T15:00:57Z
Channel: IppSec
Description: 00:00 - Introduction 00:55 - Start of nmap 03:10 - Running a VHOST enumeration scan 04:00 - Discovering the Metaview application which is an image uploa...

IppSec · Beginner ·🔐 Cybersecurity ·3y ago

00:00 - Introduction 00:55 - Start of nmap 03:10 - Running a VHOST enumeration scan 04:00 - Discovering the Metaview application which is an image upload 04:50 - Attempting to exploit the file upload, uploading non images. 07:00 - Editing the exif metadata to put PHP tags in the image, still failing to get code execution but find XSS 09:00 - Looking for public exploits against exiftool 10:10 - Creating a malicious image with CVE-2021-22204 against ExifTool, DjVu exploit 15:00 - Reverse shell returned, examining the application 18:30 - Discovering Convert_images directory, using grep to find o…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

0:55 Start of nmap

3:10 Running a VHOST enumeration scan

4:00 Discovering the Metaview application which is an image upload

4:50 Attempting to exploit the file upload, uploading non images.

7:00 Editing the exif metadata to put PHP tags in the image, still failing to get c

9:00 Looking for public exploits against exiftool

10:10 Creating a malicious image with CVE-2021-22204 against ExifTool, DjVu exploit

15:00 Reverse shell returned, examining the application

18:30 Discovering Convert_images directory, using grep to find out if anything uses

20:30 Finding the convert_images script uses an old copy of mogrify which uses image

21:30 Exploiting CVE-2020-29599 in mogrify/image magic

28:50 Our user can run neofetch with sudo, and XDG_CONFIG_HOME is preserved. Exploit

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →