00:00 - Introduction
01:05 - Start of nmap, then gobuster to do a vhost scan
05:50 - Enumerating RocketChat version by looking at the version of Meteor it uses
10:30 - Registering for a RocketChat Account then reading the chat to get information about ClearML
11:50 - Logging into ClearML, looking at the project to see some scripts which are running
13:30 - Discovering ClearML Version in the footer of the settings page and finding public exploits
15:50 - Setting up the ClearML API on our box
18:30 - Building our script to upload a pickle artifact to ClearML And getting a shell
27:30 - Copying the SSH Key from the box and logging in
28:30 - We can run a bash script with sudo that runs a pytoch model, before doing so it uses Fickle to identify if it malicious
30:30 - Creating an exploit script to save a malicious pytorch file and getting a root shell
33:00 - BEYOND ROOT: Going into Fickling about how it works, changing our payload from os.system to subprocess.popen and seeing its detection gets less confident
38:00 - Showing you can import fickling in your project which hooks the unserialize function and refuses to unserialize anything thats not safe
40:00 - Disassembling the pytorch file to show what fickle looks at
43:00 - Start of dumping MongoDB - failing to find an IP Address because our netcat was doing a DNS Lookup
52:00 -- Downloading Mongo Database Tools so we can do a mongodump and view all the data
Support the originator by clicking the read the rest link below.