HackTheBox - Charon
1:30 - Rabbit Hole - Searching for SuperCMS
6:23 - Running enumeration in the background (GoBuster)
7:40 - Rabbit Hole - SQLMap Blog SinglePost.php
12:04 - Finding PHP Files in /cmsdata/ (GoBuster)
12:53 - Manual Identification of SQL Injection
15:50 - SQL Injection Explanation
17:20 - Rabbit Hole - Starting SQLMap in the Background
18:10 - SQL Union Injection Explanation
19:30 - Identifying "Bad/Filtered Words" in SQL Injection
21:02 - SQL Union Finding number of items returned
21:48 - Returning data from Union Injection
22:48 - SQL Concat Explanation
23:55 - Enumerating SQL Databases Explana…
Watch on YouTube ↗
(saves to browser)
Chapters (28)
1:30
Rabbit Hole - Searching for SuperCMS
6:23
Running enumeration in the background (GoBuster)
7:40
Rabbit Hole - SQLMap Blog SinglePost.php
12:04
Finding PHP Files in /cmsdata/ (GoBuster)
12:53
Manual Identification of SQL Injection
15:50
SQL Injection Explanation
17:20
Rabbit Hole - Starting SQLMap in the Background
18:10
SQL Union Injection Explanation
19:30
Identifying "Bad/Filtered Words" in SQL Injection
21:02
SQL Union Finding number of items returned
21:48
Returning data from Union Injection
22:48
SQL Concat Explanation
23:55
Enumerating SQL Databases Explanation (Information_Schema)
25:46
Returning Database, Table, Columns from Information_Schema
29:30
Scripting to dump all columns
36:45
Listing of columns in SuperCMS
37:15
Dumping User Credentials
41:36
Logging in and exploiting SuperCMS
47:00
Return of reverse shell
48:40
Transfering small files from shell to my machine
50:56
Using RsaCtfTool to decrypt contents with weak public key
52:52
Breaking weak RSA manually
1:01:20
Begin PrivEsc to Root
1:02:40
Transering large files with NC
1:03:50
Analyzing SuperShell with BinaryNinja (Paid)
1:06:04
Analyzing SuperShell with Radare2 (Free)
1:08:22
Exploiting SuperShell
1:12:46
Encore. Getting a Root Shell with SetUID Binary
Playlist
Uploads from IppSec · IppSec · 26 of 60
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
▶
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
HHC2016 - Dungeon
IppSec
HHC2016 - Terminal Speedrun
IppSec
HHC2016 - Ads
IppSec
HHC2016 - Debug
IppSec
HHC2016 - Exception
IppSec
HHC2016 - Analytics
IppSec
HHC2016 - Getting Coins
IppSec
HackTheBox - Popcorn
IppSec
HackTheBox - October
IppSec
HackTheBox - Arctic
IppSec
HackTheBox - Tenten
IppSec
HackTheBox - CronOS
IppSec
HackTheBox - Brainfuck
IppSec
HackTheBox - Beep
IppSec
HackTheBox - Bastard
IppSec
HackTheBox - Bank
IppSec
HackTheBox - Joker
IppSec
HackTheBox - Haircut
IppSec
HackTheBox - Lazy
IppSec
Camp CTF 2015 - Bitterman
IppSec
HackTheBox - Devel
IppSec
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
HackTheBox - Granny and Grandpa
IppSec
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
HackTheBox - Optimum
IppSec
HackTheBox - Charon
IppSec
HackTheBox - Sneaky
IppSec
HackTheBox - Holiday
IppSec
HackTheBox - Apocalyst
IppSec
HackTheBox - Europa
IppSec
Introduction to tmux
IppSec
HackTheBox - Blocky
IppSec
HackTheBox - Nineveh
IppSec
HackTheBox - Jail
IppSec
HackTheBox - Blue
IppSec
HackTheBox - Calamity
IppSec
HackTheBox - SolidState
IppSec
HackTheBox - Shrek
IppSec
HackTheBox - Mirai
IppSec
HackTheBox - Shocker
IppSec
HackTheBox - Mantis
IppSec
HackTheBox - Node
IppSec
HackTheBox - Kotarak
IppSec
HackTheBox - Enterprise
IppSec
HackTheBox - Sense
IppSec
HackTheBox - Minion
IppSec
VulnHub - Sokar
IppSec
VulnHub - Pinkys Palace v2
IppSec
HackTheBox - Inception
IppSec
Vulnhub - Trollcave 1.2
IppSec
HackTheBox - Ariekei
IppSec
HackTheBox - Bashed
IppSec
HackTheBox - Flux Capacitor
IppSec
HackTheBox - Jeeves
IppSec
HackTheBox - Tally
IppSec
HackTheBox - CrimeStoppers
IppSec
HackTheBox - Fulcrum
IppSec
HackTheBox - Chatterbox
IppSec
HackTheBox - Falafel
IppSec
HackTheBox - Nibbles
IppSec
DeepCamp AI