Hacking VOIP Web Applications | MagnusBilling | TryHackMe Billing Walkthrough
This video explores how VOIP web applications, specifically MagnusBilling, can be exploited using simple command-line techniques. It also provides the answers for the TryHackMe Billing room.

Receive Cyber Security Field, Certifications Notes and Special Training Videos: https://buymeacoffee.com/notescatalog...
Writeup: https://motasem-notes.net/hacking-fin...

MagnusBilling Source Code: https://github.com/magnussolution/mag...
MagnusBilling CVE: https://eldstal.se/advisories/230327-...

Store: https://buymeacoffee.com/notescatalog...
Patreon: / motasemhamdan
Instagram: / mastermindstudynotes
Google Profile: https://maps.app.goo.gl/eLotQQb7Dm6ai...
LinkedIn: [1]: / motasem-hamdan-7673289b [2]: / motasem-eldad-ha-bb42481b2
Twitter: / manmotasem
Facebook: / motasemhamdantty

00:00 Introduction to VOIP Web App Hacking
00:08 Overview of TryHackMe Billing Challenge
00:19 Initial Reconnaissance with Nmap Scan
00:39 Identifying Open Ports & Services
01:20 Increasing Scan Speed with Nmap Timing Options
01:39 Discovering Asterisk Call Manager Service
01:57 Exploring the Web Application on Port 80
02:26 Identifying the Application: Magnus Billing
03:02 Locating the Source Code on GitHub
03:24 Finding the Application Version
04:22 Searching for a ReadMe File
05:09 Determining the Magnus Billing Version
05:17 Searching for CVEs & Vulnerabilities
05:26 Identifying a Command Injection Vulnerability
06:09 Understanding the Code Execution Flow
06:50 Examining the Vulnerable PHP Code
07:46 Why the Code is Vulnerable to Command Injection
08:28 Testing the Vulnerability with a Proof of Concept
09:35 Sending a Sleep Command to Confirm Exploitation
10:47 Executing a Reverse Shell
11:17 Setting Up a Netcat Listener
11:56 Crafting a Netcat Reverse Shell Payload
12:44 Sending the Exploit to Get a Shell
13:10 Confirming Shell Access as Asterisk User
13:27 Privilege Escalation Strategy
13:36 Checking Sudo Privileges
13:50 Exploiting the Fail2Ban Client for Root Access
14:42 Understanding Fail2Ban and Its Configuration
15:15 Listing Active Jails in Fail2Ban
16:07 Identifying a Jail for Exploitation
16:27 Viewing the Jail Configuration File
17:14 Finding the Fail2Ban Action Path
18:14 Modifying the Ban Action to Execute a Shell
19:41 Verifying the Modified Ban Action
20:45 Triggering the Jail to Escalate Privileges
21:56 Manually Banning an IP to Execute the Payload
22:48 Confirming the UID Bit on Bash
23:16 Executing Bash as Root
23:19 Retrieving the Root Flag
23:31 Finding the User Flag in the Home Directory