UHC - Validation

Name: UHC - Validation
Uploaded: 2021-09-13T23:52:03Z
Channel: IppSec
Description: 00:00 - Intro, sorry for double upload. First one missed the last 5 minutes. 00:38 - Start of nmap, discovering SSH/HTTP are different operating system...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro, sorry for double upload. First one missed the last 5 minutes. 00:38 - Start of nmap, discovering SSH/HTTP are different operating systems 02:00 - Testing the website 02:45 - Intercepting the registration and testing for SQL Injection on the Country 04:19 - Discovering a static cookie is returned that is a MD5Sum of the UserName 05:20 - Our single quote country caused an Second Order SQL Injection testing Union Injection 08:08 - Using our Union Injection to drop a webshell 10:10 - Revrse Shell Returned 11:50 - Getting the database password out of the webconfig, and its also the …

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Intro, sorry for double upload. First one missed the last 5 minutes.

0:38 Start of nmap, discovering SSH/HTTP are different operating systems

2:00 Testing the website

2:45 Intercepting the registration and testing for SQL Injection on the Country

4:19 Discovering a static cookie is returned that is a MD5Sum of the UserName

5:20 Our single quote country caused an Second Order SQL Injection testing Union In

8:08 Using our Union Injection to drop a webshell

10:10 Revrse Shell Returned

11:50 Getting the database password out of the webconfig, and its also the root user

12:30 Explaining how I gave "dedicated" containers to each player

13:35 Going over the Kernel Module I wrote to do routing based upon the last octet o

18:30 Going over the code around SQL Injection and how to do prepared statements in

23:40 Creating middleware with Flask so SQLMap can exploit this second order sql inj

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →