00:00 - Introduciton
00:50 - Start of nmap, navigating to the page and identifying the framework based upon 404
02:30 - Playing around looking at javascript source, not getting anything
04:30 - Playing around with prd.m.rengering-api.interface.htb... I'm guessing file not found is the webserver, not actual code.
07:40 - Showing the difficulty of dirbusting API Servers
11:20 - Showing importance of updating FeroxBuster
15:00 - Playing with the HTML2PDF endpoint and discovering we need to send a POST with HTML as an argument
18:20 - The PDF Generated has dompdf 1.2.0 in the exif data searching for exploits
20:40 - Researching how CVE-2022-28368 works, then manually exploiting the vulnerabiltiy
28:50 - The CSS/Font is created, running the exploit and finding where the Font (PHP File) gets uploaded to
34:30 - Reverse shell returned
38:15 - Uploading pspy to examine how the box cleans itself up
40:20 - Discovering and exploiting Bash Arithmetic Injection
Support the originator by clicking the read the rest link below.
