HackTheBox - PC

Name: HackTheBox - PC
Uploaded: 2023-10-07T16:08:20Z
Channel: IppSec
Description: 00:00 - Introduction 01:05 - Start of nmap 03:00 - Googling the port number, and reading more about gRPC 04:45 - Install GRPCurl so we can access the gR...

IppSec · Beginner ·🔐 Cybersecurity ·2y ago

00:00 - Introduction 01:05 - Start of nmap 03:00 - Googling the port number, and reading more about gRPC 04:45 - Install GRPCurl so we can access the gRPC interface 06:30 - Enumerating the grpc interface 10:30 - Registering a user and logging in 13:45 - Using Verbose with GRPCurl to get extra information which includes an JWT 16:20 - Discovering an SQL Injection in the SimpleApp.GetInfo, enumerating the database to discover SQLite 19:45 - Enumerating the SQLite Database (similar to Information_schema with mysql) 21:45 - Using Group_Concat with a union injection to dump all users and passwords…

Watch on YouTube ↗ (saves to browser)

Chapters (12)

Introduction

1:05 Start of nmap

3:00 Googling the port number, and reading more about gRPC

4:45 Install GRPCurl so we can access the gRPC interface

6:30 Enumerating the grpc interface

10:30 Registering a user and logging in

13:45 Using Verbose with GRPCurl to get extra information which includes an JWT

16:20 Discovering an SQL Injection in the SimpleApp.GetInfo, enumerating the databas

19:45 Enumerating the SQLite Database (similar to Information_schema with mysql)

21:45 Using Group_Concat with a union injection to dump all users and passwords, the

24:45 Discovering PyLoad is running on localhost, setting up an SSH Tunnel to access

26:00 Finding a public POC and running it to exploit PyLoad

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →