HackTheBox Zipping

Name: HackTheBox Zipping
Uploaded: 2024-01-13T16:00:13Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 02:50 - Discovering a likely LFI in product.php but cannot use filters, likely because there is a file_exists...

IppSec · Beginner ·📊 Data Analytics & Business Intelligence ·2y ago

00:00 - Introduction 01:00 - Start of nmap 02:50 - Discovering a likely LFI in product.php but cannot use filters, likely because there is a file_exists() check 05:30 - Playing with the File Upload functionality 08:40 - Talking about the PHAR wrapper in PHP, showing it will bypass the file_exist and we can go into the ZIP to bypass the .pdf check 10:55 - Uploading the phar archive, and getting RCE through the LFI and PHAR wrapper 16:40 - Showing the intended File Disclosure vulnerability, by uploading a zip with a symlink 18:00 - Creating a python script to automate the file disclosure vulnera…

Watch on YouTube ↗ (saves to browser)

Chapters (14)

Introduction

1:00 Start of nmap

2:50 Discovering a likely LFI in product.php but cannot use filters, likely because

5:30 Playing with the File Upload functionality

8:40 Talking about the PHAR wrapper in PHP, showing it will bypass the file_exist a

10:55 Uploading the phar archive, and getting RCE through the LFI and PHAR wrapper

16:40 Showing the intended File Disclosure vulnerability, by uploading a zip with a

18:00 Creating a python script to automate the file disclosure vulnerability, making

28:30 Script completed, looking at the PHP Code, then showing another unintended sol

37:30 Explaining what happened with the null byte

40:00 Showing the intended solution with the null byte, talking about how we can byp

48:00 Dumping the SQL Database with a union injection

51:15 Dropping a file from MySQL and then including it with the LFI to get a shell

58:00 As Rektsu we can execute a binary with sudo, running strings discovers a hard

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →