HackTheBox - FormulaX скачать в хорошем качестве

HackTheBox - FormulaX

00:00 - Introduction 01:00 - Start of nmap 04:30 - Examining the Change Password functionality 06:20 - Discovering XSS In the Contact Form 11:15 - Building an XSS Cradle that manipulates the DOM to load an external JS file 18:35 - Creating an XSS that will send interact with the webchat and exfil messages back to us 26:30 - Discovering a new subdomain from the Online Chat 30:15 - Showing why we could not use Script SRC with our XSS Attack and why we used the DOM Technique 37:34 - Looking at the Git Auto Report Generating and discovering it uses simple-git v3.14 which has an RCE Vulnerability 44:40 - Shell on the box, dumping the mongo database 52:00 - Shell as Frank_Dorky 52:30 - Looking at the services running on the box to enumerate what each port is 55:30 - Showing bad permissions on the LibreNMS Directory which allows us to read and execute files in /opt/librenms 59:30 - Using the Templates in LibreNMS to get code execution 01:04:00 - Showing the intended way to exploit LibreNMS which is using a malicious SNMP Trap to attack an admin via XSS 1:17:30 - Exploiting the OpenOffice network port