HackTheBox - RouterSpace

00:00 - Intro
01:00 - Start of nmap
02:20 - Downloading the APK
03:30 - Running apktool to decode the APK, examining files, don't get much info
05:30 - Finding a certificate in the application that gives up the host name
07:00 - Trying out another APK Decompiler, Bytecode Viewer
10:15 - Start of setting up Genymotion
12:00 - Setting up the phone, accidentally choosing an ancient version which won't work
14:00 - Dragging the app to install it to the phone, get an error, have to manually look at the log file
14:40 - Setting up a newer phone so we can install the apk
16:00 - Installing the APK
16:40 - Configuring our phone to go through BurpSuite
18:15 - Changing BurpSuite to listen on all hosts
19:00 - Showing the app is now going through BurpSuite, adding the hostname to our hosts file
21:30 - Finding command injection in the communication between app and server, reverse shell fails
24:45 - Putting an SSH Key on the box
28:20 - Got a shell on the box, digging through to figure out the SSH server, finding something interesting but don't dig in
33:20 - Discovering the rules.v6 file for iptables likely isn't changed, discovering this is a way around the firewall block
35:00 - Running LinPEAS but curling it over IPv6, http.server didn't listen, switching to netcat
40:00 - Running CVE-2021-3156, the sudo Baron Samedit exploit
43:20 - Using IPv6 with our bash reverse shell
