HackTheBox - Meta

23,104 views

IppSec

A day ago

00:00 - Introduction
00:55 - Start of nmap
03:10 - Running a VHOST enumeration scan
04:00 - Discovering the Metaview application, which is an image uploader
04:50 - Attempting to exploit the file upload by uploading non-images
07:00 - Editing the EXIF metadata to put PHP tags in the image; still failing to get code execution, but finding XSS
09:00 - Looking for public exploits against exiftool
10:10 - Creating a malicious image with CVE-2021-22204 against ExifTool, DjVu exploit
15:00 - Reverse shell returned, examining the application
18:30 - Discovering Convert_images directory, using grep to find out if anything uses it and finding a script
20:30 - Finding that the convert_images script uses an old copy of mogrify, which uses ImageMagick and has a vulnerability
21:30 - Exploiting CVE-2020-29599 in mogrify/ImageMagick
28:50 - Our user can run neofetch with sudo, and XDG_CONFIG_HOME is preserved. Exploiting it by putting a malicious config in place

Comments: 24
@snappie4180 a year ago
25:48 "We're gonna do some editing magic to skip this time" Well that was a lie xD
@ippsec a year ago
Forgot to edit 😂 whoops
@technovikingsnephew8833 a year ago
@@ippsec I enjoyed the silence. The only way to make it more realistic is if I could hear music bleeding through your headphones as we waited
@sand3epyadav a year ago
Oh my god my favorite ipp... I love you sir........
@V1-ENN a year ago
Thank you this video helpful 🌹
@ppdd3651 a year ago
Love it
@howismake a year ago
bravo a lot and things I learned from you
@elatedmaniac a year ago
When I did this a month ago, I kept banging my head against a wall because the box kept eating my svg payloads... then, I realized that was a good thing. All hail the cron jobs.
@plushplush7635 a year ago
GG
@chandraprakashntc a year ago
😍😍😍😍😍😍😍
@sp3ct3r71 a year ago
hey ippsec quick request .. please give a walkthrough for noter machine also
@AUBCodeII a year ago
What's going on, KZfaq, this is Mark Ippberg
@ryanboland7307 a year ago
Wow
@cy_wareye7395 a year ago
Rly thx. I can't make it for some reason when I tried a month ago.
@wkppp4732 a year ago
Where's ipp?
@shaikhshafeen a year ago
first!
@xB-yg2iw a year ago
The biggest surprise from this video is ippsec doesn't know neofetch hahaha
@crusader_ a year ago
He was gaining skills when you were neofetching for the 67th time for no reason. That's why.
@xB-yg2iw a year ago
@@crusader_ alright buddy no need to be an asshole I just thought it was funny
@ishaanmahajan4683 a year ago
@@crusader_ 67th huh...!? u should have said 69th at least lmao
@sidss007 a year ago
This video depresses me. I wonder will I ever be even half as good as him or the other guys. Oh god why did I choose security domain 😕😢
@VrajBharambe0 a year ago
don't worry bhai, you will feel the same every time in this field. Just keep learning, make notes and perform yourself.
@declanmcardle a year ago
neofetch is like winver :-) Also, have you tried $ stty sane - it might remove the need for stty rows cols etc.
@lumenknotty6355 a year ago
I cannot find the subdomain using gobuster. I got it with wfuzz. Any idea why gobuster couldn't find it? gobuster vhost -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u artcorp.htb -o vhost.log