HackTheBox - OpenKeyS

Name: HackTheBox - OpenKeyS
Uploaded: 2020-12-12T15:00:30Z
Channel: IppSec
Description: 00:00 - Introduction 00:31 - Begin of nmap 01:10 - Nmap shows it is BSD, going over some command differences 02:00 - Running GoBuster to find other PHP ...

IppSec · Beginner ·🔐 Cybersecurity ·5y ago

00:00 - Introduction 00:31 - Begin of nmap 01:10 - Nmap shows it is BSD, going over some command differences 02:00 - Running GoBuster to find other PHP Scripts 04:30 - Looking at the includes directory and finding source code 10:14 - Reversing the Check_Auth binary with Ghidra, to see it doesn't decompile well 12:00 - Using VirusTotal to find out if this an old binary 13:20 - Using Cutter to decompile this binary, to see it does a better job than Ghidra! 17:50 - Finding some BSD Exploits related to authentication 20:00 - Putting SCHALLENGE as the username, causes a different error message. The…

Watch on YouTube ↗ (saves to browser)

Chapters (14)

Introduction

0:31 Begin of nmap

1:10 Nmap shows it is BSD, going over some command differences

2:00 Running GoBuster to find other PHP Scripts

4:30 Looking at the includes directory and finding source code

10:14 Reversing the Check_Auth binary with Ghidra, to see it doesn't decompile well

12:00 Using VirusTotal to find out if this an old binary

13:20 Using Cutter to decompile this binary, to see it does a better job than Ghidra

17:50 Finding some BSD Exploits related to authentication

20:00 Putting SCHALLENGE as the username, causes a different error message. Then doi

24:50 Abusing the $_REQUEST() feature to overwrite the username file with a valid us

26:10 Showing how OpenBSD has some different command line switches

31:00 Going back to the earlier CVE, since it showed a privesc aswell and explaining

40:45 EXTRA: Looking at the PHP Code to explain the $_REQUEST exploit again

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →