UHC - BackendTwo
Chapters (23)
00:00 - Intro
00:49 - Start of nmap
02:17 - Talking about why dirbusting an API is different. Bruteforce methods instead of extensions and 404 doesn't terminate recursion
03:10 - Installing the latest version of FeroxBuster
04:40 - Running FeroxBuster with Force Recursion and multiple HTTP methods to discover user endpoints
06:45 - Downloading all users, creating a single json file, then using JQ to enable us to filter users
10:08 - Registering an account via the Signup endpoint. Analyzing errors to identify how it wants data
11:55 - Logging into the application in order to get a bearer token
13:08 - Using BurpSuite to add the Bearer Token to our HTTP Request and accessing /doc…
15:10 - Playing with the edit endpoint in the docs page
16:38 - Testing for Mass Assignment, by editing our profile but adding the is_superuse…
19:15 - Using the file endpoint to extract files from the application
20:45 - Creating a bash script to make extracting files easier for us
23:45 - Using the LFI to examine the /proc/ directory to get cmdline of pid and ppid,…
26:35 - Examining the LFI Source Code to identify how the application works and JWT is…
30:50 - Trying to write files, discovering we need to edit our JWT
32:45 - Creating a bash script that will update the webserver code to include another…
41:50 - Reverse shell returned, reviewing the logs to identify a password was entered…
44:00 - Trying to use Sudo and getting to PAM-Wordle
45:05 - Analyzing timestamps on the filesystem with find to identify a PAM Module that…
48:25 - Running strings on the PAM Module, discovering the wordlist used for wordle is…
49:00 - Using the wordlist to cheat wordle and root the box
50:10 - Examining the source code of the box to identify why it is vulnerable to the M…
Playlist: Uploads from IppSec · IppSec