My Journey to Exploit Development (CVE-2024-23897)

In this series, I will show you how I developed my first real-world Windows exploit for CVE-2024-23897 (Jenkins Unauthenticated Arbitrary File Read).

NOTE: Although you can see some things related to our GOAD-light series, this is not related to that. I just reused some of the resources from that series, such as the Windows server that will host the vulnerable Jenkins instance.

// Tags

#oscp #ethicalhacking #windows #jenkins #cve-2024-23897

// Chapters

0:00 - Intro
0:50 - What to expect from the series?
1:36 - Manual exploitation
3:01 - Getting familiar with the vulnerability
4:14 - Proxychains with Burp
5:06 - WebSockets to HTTP
6:14 - Getting a view of the whole TCP transaction
6:34 - Analyzing Jenkins download side
7:21 - Analyzing Jenkins upload side
8:11 - Constructing the exploit
10:40 - Replicating the upload payload
12:10 - Payload byte comparison
13:46 - Trying more things and importance of REST

// Links

Comments

Studies showed that following an ethical hacker from the beginning of his journey increases your chance of becoming one, and even better. Would you subscribe?

hacktheclown

This is exactly what I'm expecting from an educational hacking channel! Explaining every detail. Hope you don't stop boss!

kittoh_

Your videos are pure gems!!! It's incredible!! A series on exploit dev?? I'm living the dream

srapsanas

Good stuff! There aren’t many quality channels like this anymore.

YLprime

I've been looking for this exact content format from youtube for ages, it's nice to see somebody finally doing it :)

防火长城

Fire. I really like the format of this vid bro, you're showing what most people don't. 10/10

zelguapo

Thank you for taking the risk to share your research, and you're an excellent teacher.

Redneck_Cybertruck

Eagerly waiting for the next one! Amazing series please keep them coming

amaankhan

Omg !! Can't wait for the 2nd part!!!

NotFound

Amazing editing, can't wait for Part 2 🎉

Mxfnk

Please continue with this, your videos are really inspiring.

megvzx

Hey bro, thanks for your videos, man! Congrats to me—I passed my OSCP!

satyamrao

Looking forward to the next part. You don't really see this thing taught anywhere else, maybe the advanced offsec web course

Xorriath

Loved the exploit construction part, but for next time would you be able to turn the music down a little so it’s easier to listen to you speak? Thank you for this video!!

bebop_

Try, fail, try. This is the hacker way.

HackersToFounders

Man you a king and yes I am the bad company attracted, kidding

TahaIshaq-jq

If you haven't tried already, use sockets to send raw requests in order to have the maximum amount of control over the request you're making. You should also learn what those weird bytes are because they could be related to the session id etc and copying them directly may not give you the result you're looking for.

valeriobelenkov

You could have tried setting a proxy with the HTTP_PROXY environment variable, and there are also plugins in Burp to read Wireshark dumps in Burp

crlfff

Please make a video on AD Delegation and s4uself, proxy extension

samyaktjain

Oh my goodness... now that's epix! Sign me up! Everyone subscribe! Let's get this man an Oscar!

networkengineer-nm