OpenSource starts with a web application that has a downloadable source zip. That zip has a Git repo in it, and that leaks the production code as well as account creds.

ctf hackthebox htb-opensource nmap upload source-code git git-hooks flask directory-traversal file-read flask-debug flask-debug-pin youtube chisel gitea pspy htb-bitlab

Perspective is all about exploiting an ASP.NET application in many different ways. I’ll start by uploading an SHTML file that allows me to read the configuration file for the application. With that, I’ll leak one of the keys used by the application, and the fact that there are more protections in place. That key is enough for me to forge a cookie as admin and get access to additional places on the site. There’s a server-side request forgery vulnerability in that part of the site, and I’ll use it to access a crypto service running on localhost. I’ll decrypt another application key, showing how to do it both with math and with a POST request through the SSRF. With that, I can sign a serialized object and get execution. With a shell, I’ll find a staging version of the application with additional logging and some protections that break my previous attack. I’ll use a padding oracle attack to encrypt cookies, and exploit a command injection via the cookie and the password reset process to get a shell as administrator. In Beyond Root, I’ll look at an unintended way to get admin on the website, and get JuicyPotatoNG working, despite most ports being blocked.

Hackthebox ctf htb-perspective windows iis aspx dotnet feroxbuster web-config shtml upload burp burp-proxy burp-repeater burp-intruder filter formatauthenticationticket ssrf pdf html-scriptless-injection meta crypto deserialization viewstate viewstateuserkey machinekey nishang command-injection padding-oracle padbuster youtube potato seimpersonate juicypotatong htb-overflow htb-lazy htb-smasher