SQLi, ToC/ToU & Arbitrary File Write - Proper @ HackTheBox

preview_player
Показать описание
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me.

Topics:
• SQL Injection with Dynamic Parameter
• RFI from SMB Share
• ToC/ToU exploitation with inotifywait
• Golang Reversing
• Named Pipes
• Exploiting an Aribtrary File Write as SYSTEM

[ Timestamps ]
00:00 Intro
00:24 Enum
04:46 SQLMap
07:58 RFI
14:55 ToC/ToU
22:53 Golang Reversing
29:08 Putting everything together
37:35 WerTrigger

[ Notes & Links ]

[ Desktop ]

[ About ]

This is purely educational content - all practical work is done in environments that allow and encourage offensive security training.
  1. vulnlab
Рекомендации по теме
SQLi, ToC/ToU & 0:39:56

SQLi, ToC/ToU & Arbitrary File Write - Proper @ HackTheBox

SQLi, LFI to 0:27:04

SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation - StreamIO @ HackTheBox

HackTheBox Nibbles - 0:28:10

HackTheBox Nibbles - Exploiting Arbitrary File Upload

DNS Rebinding, XSS 0:35:41

DNS Rebinding, XSS & 2FA SSH - Crossfit2 @ HackTheBox

HackTheBox - Player2 0:12:47

HackTheBox - Player2

Pentester Lab: CVE-2014-6271: 0:04:21

Pentester Lab: CVE-2014-6271: ShellShock Walkthrough - by Amine Essiraj

ASP, Windows Containers, 0:14:06

ASP, Windows Containers, Responder & NoPAC - Anubis @ HackTheBox

JWT & Docker 0:11:13

JWT & Docker CVE - TheNotebook @ HackTheBox

TR19: Abusing privileged 0:21:40

TR19: Abusing privileged file operations on Windows

ZIP SYMLINK Vulnerability 0:01:02

ZIP SYMLINK Vulnerability

BlueHat v18 || 0:30:42

BlueHat v18 || A mitigation for kernel toctou vulnerabilities

FTP to Web 0:08:48

FTP to Web Shell & SeImpersonate - AuthBy @ PG Practice

Vulnlab | Wutai: 0:12:59

Vulnlab | Wutai: Writing a Loader & Getting a Beacon

SECURITY PLUS COURSE 0:23:41

SECURITY PLUS COURSE 2024: Domain 2.3 Applications OS & Web-based Attacks - SY0-701 FULL COURSE

SEH Based Buffer 0:20:16

SEH Based Buffer Overflow with Space Limitations - Kevin @ PG Practice

Active Directory, Reverse 0:37:07

Active Directory, Reverse Engineering & Unintended Solutions - Pivotapi @ HackTheBox

From CTFs to 0:43:39

From CTFs to Real-World Vulnerabilities (Part 2)

PHPMailer/SwiftMailer/ZendFramework PoC Exploit 0:03:40

PHPMailer/SwiftMailer/ZendFramework PoC Exploit

SEH Based Buffer 0:17:10

SEH Based Buffer Overflow & DLL Hijacking - UT99 @ PG Practice

129 - DOMPDF 0:39:42

129 - DOMPDF XSS to RCE, Chrome Leaking Environment Vars, and cr8escape [Bug Bounty Podcast]

How to decrypt 0:01:09

How to decrypt enc file?

044 - Raccoons, 2:22:40

044 - Raccoons, Incomplete fixes and Kernel Exploits

Domain 1.12: Pointer/object 0:01:12

Domain 1.12: Pointer/object dereference - CompTIA Security+ SY0 601

Racing the Web 0:49:15

Racing the Web (Aaron Hnatiw)

Комментарии
Автор

The trickiest box I’ve seen so far. Great job guys!

TalsonHacks
Автор

Great Box and great explanation! Love your xc shell too!

qRaum
Автор

Hey, please may i ask if these exploits are possible or applicable to use in real life i.e bug bounty
at all, or just for hack the box for fun? is it required to be a cyber security professional to be this good at hack the box? or can be done as a hobby, ?
thank you

stg