TryHackMe ! Kiba // Exploiting Kibana - JavaScript Prototype Pollution

Disclaimer

This video is for educational purposes only. I did not harm anyone; I just do CTFs, make walkthroughs of them, and explain the methods in use here, so please don't use this, because hacking is a crime and if you do it, it can land you in jail.
I do not support any kind of illegal or malicious hacking.

========================
Kiba
-----------
Identify the critical security flaw in the data visualization dashboard that allows remote code execution.

---------------------------------------------
1. What is the vulnerability that is specific to programming languages with prototype-based inheritance?
2. What is the version of the visualization dashboard installed on the server?
3. What is the CVE number for this vulnerability? This will be in the format: CVE-0000-0000
5. Capabilities is a concept that provides a security system that allows root privileges to be "divided" into different values
6. How would you recursively list all of these capabilities?

-------------------------------
#yesspider

Please support me on Patreon

--------------------------------------------------

00:00-intro
00:32-scan ports using nmap
02:47-enumeration
06:52-search for Kibana vulnerabilities
12:00-exploit Kibana (CVE-2019-7609)
19:26-privilege escalation