HackTheBox - Codify

00:00 - Introduction
01:00 - Start of nmap
02:50 - Playing with the JavaScript editor, discovering filesystem calls are blocked
04:45 - Discovering the sandbox is vm2, then going to GitHub and finding it is discontinued with known security issues
06:30 - Getting code execution, then a reverse shell
09:50 - Discovering a second website with a database, cracking hashes in the database
12:50 - Discovering Joshua can run a bash script with sudo
15:00 - Looking at the Bash Common Pitfall guide which shows the error in the if/then logic in the bash script
15:55 - Explaining why the bash if/then is exploitable when user input is on the right side and unquoted
18:30 - Bypassing authentication in the script with a *, then looking at processes and seeing mysql censored the password in the ps output
20:50 - Running pspy which will grab the cmdline arguments before mysql has a chance to rewrite argv
21:50 - Showing hidepid in /etc/fstab to hide processes of other users
24:30 - Writing a program that can spoof argv on linux
26:30 - Showing how we grab the memory location of argv
27:30 - Looping over each argument, so we could overwrite a specific one if we wanted to
29:15 - Showing our process run with a blank process
33:30 - Making our program's ps output blend in more
