Automating Malicious Zip with Symlinks [HackTheBox Zipping] скачать в хорошем качестве

Automating Malicious Zip with Symlinks [HackTheBox Zipping]

In the Zipping box from HackTheBox, I can read files from the target host by submitting a zip file containing a symlink to the file I want to read. That can be done manually, but I'll want to script it to make life easier for myself. In this video, I'll show the vulnerability and then write the script. I'll use zipfile, io.BytesIO, regex, and requests. I'll update the script to handle cleanly binary files, and show that works by checking VirusTotal. HackTheBox Zipping: https://www.hackthebox.com/machines/z... Zipping Blog Post: https://0xdf.gitlab.io/2024/01/13/htb... FoxyProxy / Burp Video:    • Configuring Burp + FoxyProxy + Firefox   Stack Overflow Post: https://stackoverflow.com/questions/3... zipfile Docs: https://docs.python.org/3/library/zip... ☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf [00:00] Introduction [00:20] Manual Exploit Demo [02:34] Rationale for scripting [03:01] Getting symlink in Zip [07:34] Testing Zip creation [09:37] Improving file timestamp [12:00] Sending file to website [15:40] Getting URL of upload [17:15] Getting raw result file [17:42] Reading binary files [18:32] Testing updated script [19:33] Conclusion #pentest #ctf #bugbounty #python #zip #virustotal