HackTheBox - Inject

00:00 - Introduction
00:58 - Start of nmap
01:45 - Trying to identify the technology running the webapp, 404 page reveals it is likely Tomcat
03:00 - Running Gobuster, then checking out the page
04:00 - Uploading an image and discovering a file disclosure vulnerability
05:15 - Talking about how File Disclosures in Java can reveal directory listings, and grabbing pom.xml
07:45 - Using Snyk to identify vulnerabilities, but first we have to install Maven
10:45 - Exploiting CVE-2022-22963 Manually
11:55 - Playing with the exploit getting a reverse shell by dropping a file on the box (easy), then doing it without touching disk
18:30 - Shell as Frank, finding a password in the .m2/settings.xml file
19:50 - Shell as Phil
22:00 - Using find to show files owned by a group and finding a /opt/automation/tasks directory with Ansible stuff
24:10 - Running Pspy to identify that Ansible is running on a cron job and executing any playbook in the automation directory
26:30 - Creating a playbook that sends us a shell
