UHC - Ransom

00:00 - Intro
01:05 - Start of nmap, getting distribution by googling SSH/HTTP Server headers
02:40 - Checking out the web page and discovering it is a Laravel PHP Application based upon the cookie
04:10 - Talking a little bit about Laravel Internals, and why it is useful that our web request is going to the API Middleware
05:50 - Showing that Laravel accepts data in the BODY even if it is a GET Request
08:25 - Changing our content type to JSON which will allow us to send JSON to the Laravel API
09:42 - Setting the password to the boolean true and bypassing login, explaining why === is important
12:40 - Logging into the application and discovering a zip file that is encrypted with ZipCrypto
13:15 - Showing where I got the inspiration for creating this challenge! An actual leaker made this mistake.
15:15 - Decrypting the zip with a known plaintext attack with bkcrack
22:50 - Logging into the box with the SSH Key
23:30 - Looking at the Laravel Source Code to find where the login function is and getting the root password for the box
25:30 - Showing the vulnerable function of the application, and that using three equal signs instead of two would fix it.
