HackTheBox - Seventeen

00:00 - Intro
00:57 - Start of nmap
02:50 - Taking a look at the website
05:20 - Showing some differences between Ffuf and Wfuzz
08:30 - Finding a known exploit against the Exam Reviewer Management System
11:30 - Explaining the boolean injection then running SQLMap
15:40 - Using SQLMap to extract databases, tables, and some data
18:50 - Discovering the OldManagement site, dumping its database then logging in
26:30 - Exploiting the file upload vulnerability in OldManagement by replacing .htaccess
28:20 - Explaining various ways a developer may handle the file save
40:00 - Low-privilege shell returned inside a Docker container. Finding credentials in configuration files, then SSHing into the box
47:20 - Examining port 4873, which is Verdaccio, an NPM registry. Downloading packages to find hardcoded credentials
51:20 - Going over the app startup script, which we can run with sudo. Ubuntu 18's sudo preserves the $HOME variable, so we can replace the registry in npmrc with one running on our box
55:10 - Using docker on our system to pull and run verdaccio
57:20 - Creating a malicious npm package, then getting a shell on the box
1:04:40 - Exploiting RoundCube 1.4.2 with CVE-2020-12640
