HackTheBox Zipping скачать в хорошем качестве

HackTheBox Zipping

00:00 - Introduction 01:00 - Start of nmap 02:50 - Discovering a likely LFI in product.php but cannot use filters, likely because there is a file_exists() check 05:30 - Playing with the File Upload functionality 08:40 - Talking about the PHAR wrapper in PHP, showing it will bypass the file_exist and we can go into the ZIP to bypass the .pdf check 10:55 - Uploading the phar archive, and getting RCE through the LFI and PHAR wrapper 16:40 - Showing the intended File Disclosure vulnerability, by uploading a zip with a symlink 18:00 - Creating a python script to automate the file disclosure vulnerability, making it easier for us to download files 28:30 - Script completed, looking at the PHP Code, then showing another unintended solution with a zip file and null byte 37:30 - Explaining what happened with the null byte 40:00 - Showing the intended solution with the null byte, talking about how we can bypass this regex with CRLF Injection due to lack of multi-line 48:00 - Dumping the SQL Database with a union injection 51:15 - Dropping a file from MySQL and then including it with the LFI to get a shell 58:00 - As Rektsu we can execute a binary with sudo, running strings discovers a hard coded password. Strace reveals it loads a library that doesn't exist, so we can use MSFVenom to create a malicious library