filmov
tv
GOAD-Light OSCP Series: 2024 Exploit development using Python and Pwntools
Показать описание
This is an extension of the part 3 video.
I will show you the process on how I create the one click exploit for the file upload vulnerability in castle black.
This is a basic exploit only and although this was originally intended for people starting with ethical hacking, others will find this valuable as well.
// Tags
#oscp #ethicalhacking #activedirectory #windows #fileupload #asp
// Chapters
0:00 - Intro
0:44 - Python basics and interacting with web services
2:59 - Investigating failed request using Burp
3:40 - What is multipart/form-data?
4:55 - ASP view state
5:09 - HTTP Sessions
6:24 - Searching through HTML via python RE module
7:32 - Catching reverse shell via PWNTools
8:38 - TROUBLESHOOTING TIP
9:38 - Windows CRLF again!
10:26 - Threads, thread, threads everywhere ...
10:50 - Creating a multi-threaded program
// Links
None for now sorry.
I will show you the process on how I create the one click exploit for the file upload vulnerability in castle black.
This is a basic exploit only and although this was originally intended for people starting with ethical hacking, others will find this valuable as well.
// Tags
#oscp #ethicalhacking #activedirectory #windows #fileupload #asp
// Chapters
0:00 - Intro
0:44 - Python basics and interacting with web services
2:59 - Investigating failed request using Burp
3:40 - What is multipart/form-data?
4:55 - ASP view state
5:09 - HTTP Sessions
6:24 - Searching through HTML via python RE module
7:32 - Catching reverse shell via PWNTools
8:38 - TROUBLESHOOTING TIP
9:38 - Windows CRLF again!
10:26 - Threads, thread, threads everywhere ...
10:50 - Creating a multi-threaded program
// Links
None for now sorry.
0:11:51
GOAD-Light OSCP Series: 2024 Exploit development using Python and Pwntools
0:06:19
GOAD-Light OSCP Series: Intro (Must watch for OSCP students!)
0:20:53
GOAD-Light OSCP Series: Bloodhound Attack Chain
0:12:51
GOAD-Light OSCP Series: Recon and Scanning
0:11:51
GOAD-Light OSCP Series: Token Impersonation, Post Exploitation, and Bloodhound
0:10:37
GOAD-Light OSCP Series: Techniques on how to approach a problem
0:11:56
GOAD-Light OSCP Series: Jenkins Exploitation, Nishang, and Service Accounts
0:13:13
GOAD-Light OSCP Series: One-liner jenkins reverse shell exploit
0:11:09
GOAD-Light OSCP Series: Kerberos and Trying Harder
0:11:52
GOAD-Light OSCP Series: File upload exploitation, OSCP Tips, ASP and IIS
0:14:40
My Journey to Exploit Development (CVE-2024-23897)
Комментарии