Markdown to PDF Code Injection (CSAW CTF 2022)

79,072 views

John Hammond · 1 year ago

Special thanks to Snyk for sponsoring this video -- try Snyk for free to find vulnerabilities in your own projects! j-h.io/snyk

Comments: 68
@dz4k.com. · 1 year ago
Some context on the payload. Frontmatter, which is what the triple dashes are, is a feature of some markdown processors to include data like title, date of publication, author name etc. at the start of a document. It's usually YAML data. However, gray-matter, a frontmatter parsing library, lets you use alternative formats such as JSON, TOML, and yes, JavaScript by specifying the language after the triple dashes (---js). This is very useful for some things, but should not be used with untrusted markdown.
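The mechanism this comment describes, as an added example (this is not code from the video or from the gray-matter project): a minimal front-matter dispatcher modelled on the behaviour described above, where the language tag after the opening `---` selects the parser. Two engine tables are shown side by side: a permissive one whose `js` engine evaluates the block in the converter's own process, and a hardened one that only accepts declarative formats. The regular expression, the tiny YAML-subset parser, the `demo` helper and the sample documents are all constructed for this example; the "payload" is deliberately harmless and only proves that attacker-supplied code runs.

```javascript
// Added example, not from the video or from gray-matter: a minimal
// front-matter dispatcher that shows why a "---js" block is code injection.

// Matches "---<lang>\n<body>\n---\n" at the start of a markdown document.
// A missing tag means YAML, as front-matter parsers conventionally assume.
const FRONT_MATTER = /^---([a-zA-Z]*)[ \t]*\r?\n([\s\S]*?)\r?\n---[ \t]*(?:\r?\n|$)/;

// Tiny YAML subset (flat "key: value" pairs, optional quotes) so the example
// runs offline without a YAML library. Not a real YAML parser.
function parseYamlSubset(src) {
  const data = {};
  for (const line of src.split(/\r?\n/)) {
    const m = /^([A-Za-z_][\w-]*):\s*(.*)$/.exec(line);
    if (m) data[m[1]] = m[2].replace(/^["']|["']$/g, '');
  }
  return data;
}

// The sink: the front-matter body is handed to the JavaScript engine and
// evaluated with the full privileges of the process doing the conversion.
const evalEngine = (src) => new Function(`return (${src});`)();

// Engines of a permissive parser: whoever controls the markdown picks the
// engine, and "js"/"javascript" runs their code.
const permissiveEngines = {
  yaml: parseYamlSubset,
  yml: parseYamlSubset,
  json: JSON.parse,
  js: evalEngine,
  javascript: evalEngine,
};

// Engines of a hardened parser: declarative formats only. Any other language
// tag is rejected instead of silently falling through to an evaluator.
const safeEngines = {
  yaml: parseYamlSubset,
  yml: parseYamlSubset,
  json: JSON.parse,
};

function parseFrontMatter(markdown, engines) {
  const m = FRONT_MATTER.exec(markdown);
  if (!m) return { data: {}, content: markdown };
  const lang = (m[1] || 'yaml').toLowerCase();
  const engine = engines[lang];
  if (!engine) throw new Error(`front-matter language not allowed: ${lang}`);
  return { data: engine(m[2]), content: markdown.slice(m[0].length) };
}

// Constructed sample documents. The payload returns an object (as the
// permissive engine expects) but evaluates arbitrary expressions to do so;
// process.version and process.cwd() stand in for anything a real attacker
// would run, such as spawning a shell.
const benignDoc = '---\ntitle: Quarterly report\nauthor: alice\n---\n# Hello\n';
const payloadDoc =
  '---js\n' +
  '({ title: "pwned", node: process.version, cwd: process.cwd() })\n' +
  '---\n' +
  '# Looks like an ordinary document\n';

// Runs one document through one engine table and reports the outcome
// instead of throwing, so the two configurations can be compared.
function demo(doc, engines) {
  try {
    const { data } = parseFrontMatter(doc, engines);
    return { ok: true, data };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

console.log('permissive, benign :', demo(benignDoc, permissiveEngines));
console.log('permissive, payload:', demo(payloadDoc, permissiveEngines));
console.log('hardened,   payload:', demo(payloadDoc, safeEngines));
```

The hardened table is the point: rendering untrusted markdown is only safe when the front-matter parser cannot reach an evaluator at all. With the real gray-matter library, its documented `engines` option lets you supply your own engine table (replacing or disabling the JavaScript engine); check the README of the version you depend on before relying on that, or strip the front matter before the markdown reaches the converter.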
@thatcreole9913 · 1 year ago
Great work John! This continues to be my favorite YT channel.
@vectar · 1 year ago
Quite simply the best, hands down.
@Dettune · 1 year ago
Literally
@mr.picklesworth · 1 year ago
I love the CTF videos please keep them coming.
@y.vinitsky6452 · 1 year ago
You could also use rlwrap before your nc command to get a somewhat better shell out of the box
@renzoneomarmachado7555 · 1 year ago
Awesome! I didn't know about this before. It's the first time I've seen an RCE with an XSS and an SSRF with the same XSS. Great job dude! :D
@viv_2489 · 1 year ago
Love your content always 👌🙏
@AmA-mu4si · 1 year ago
Always good
@RandomStuffGaming21 · 11 months ago
I just discovered this channel, fantastic🗣️🗣️🗣️🗣️🔥🔥🔥🔥🔥🔥
@TAPCybersec · 1 year ago
This guy is a wizard!!
@Hashghost21 · 1 year ago
I remember Ippsec used the same Snyk payload in solving Noter from HTB 😂 good work John
@TheSauxer · 1 year ago
Talking about Snyk, you know what would be fun? Finding a vulnerability in Snyk that you can exploit to actually inject vulnerabilities into applications, into your code
@norbalvazquez9843 · 1 year ago
Biggest menace comment I've ever seen
@mochsy22 · 1 year ago
Excellent work
@mahfoudhifatma6144 · 1 year ago
Thanks John, nice work
@accountname1047 · 1 year ago
Love these videos
@YouKnowTGreen · 1 year ago
This was dope!!! So funny, I am watching and don't have a clue what you were doing, but it was fun watching..... makes me want to become an ethical hacker and move from my network position.
@EnglishRain · 1 year ago
Wow you solved it super quick
@rodrilea1 · 1 year ago
Awesome video, thanks.
@MygenteTV · 1 year ago
The content you put out is just out of this world. I follow many hackers but you are out of their league bro
@mango-gu5xo · 1 year ago
Awesome content!
@helloguy1179 · 1 year ago
What an amazing video!
@philldevil2 · 1 year ago
I am already using it, thanks
@kavishkagihan9495 · 1 year ago
One of my boxes in hackthebox called "Noter" had the same vulnerability!
@kundananji1 · 1 year ago
Man! I took a break from CTF and looking at this showcase, sign me up for the next CTF
@whamer100 · 1 year ago
Whoa that was cool, I really need to do some CTFs again
@HAGSLAB · 1 year ago
This one sounds very interesting John! Excited to watch this later.
@TheIGORGOSPEL · 1 year ago
I loved it, I used to be lost on it, for now I'm ready))) thanks for all Mr John)))
@n0kodoko143 · 1 year ago
Thank you
@PandaBero83 · 1 year ago
After almost 30 years of playing with the Linux CLI, I learned about ^L ... I feel stupid lol, and nice one!
@Asteroid10010 · 1 year ago
Legend Hammond
@bigappleplug6021 · 1 year ago
I like that shirt!!
@ayushoverhere · 1 year ago
Hmm, good work
@daviddaniel4844 · 1 year ago
Awesome 😎😎😎
@muzamilahmed6868 · 1 year ago
Awesome
@dorondaniel318 · 1 year ago
Hey guys! Can anyone explain to me why we need the wrapping of the "bash" command? Why doesn't bash work on its own (or sh for that matter)? P.S. great video :)
@ThisPageIntentionallyLeftBlank · 1 year ago
Curious if you could use this to trigger a MSF payload that kicks off a Sliver Beacon followed by a Cursed Chrome/Edge remote debug session?
@MorphineFAME · 1 year ago
Could you slow down, you're going to quack... lmao. GG, love the videos. Keep up the great work! ^_^
@jocularich · 1 year ago
this is cool...
@trap7369 · 1 year ago
O .O great
@mauricekyalo9101 · 1 year ago
Ik the drill😂
@olalekanadekanmbi3771 · 1 year ago
Awesome
@RepublikSivizien · 1 year ago
so, the ---js … --- stuff does the same as …?
@lakshayautreja6704 · 1 year ago
It's just a syntax tag (--- or ```) instead of an HTML tag
@GalaxyAripl · 1 year ago
What if I have a similar CTF problem but JS injection doesn't work?
@HAGSLAB · 1 year ago
Very Snyky of you to use that Snyk vuln DB John! 😉 Fun challenge, I remember doing a very similar one on some other CTF or maybe TryHackMe once.
@blackhat5133 · 1 year ago
OP
@leo9.online701 · 1 year ago
🎉🎉🎉
@guilherme5094 · 1 year ago
👍
@harshjain6256 · 1 year ago
Hi, I have a question. Unfortunately I am getting electrical engineering [due to a f*ck education system], but I want to become a cybersecurity analyst. Is it acceptable if I do my BTech in electrical, and after that will I be able to get into the cybersecurity field?
@jak365 · 1 year ago
Cool ☠👻
@HTWwpzIuqaObMt · 1 year ago
First here. Awesome video keep it up
@utensilapparatus8692 · 1 year ago
John the ripper
@Fahodinho · 1 year ago
I think it would be better to solve the challenges live, so we can see your thought process, as opposed to knowing the solution beforehand
@na-sx7ji · 1 year ago
2:42 Hey guys, to see the code you have to click the right button on your mouse (that's the device you use to control your cursor) and select the option that reads "View Page Source" :) 15:40 Aight, so I'm gonna get a reverse shell by starting a netcat listener, then, using ngrok as a redirect, I will grab this bash script, set the correct variables and execute it within another bash call, and done, we are in. Feel free to use stty or pwncat to get a better shell. Draw the rest of the fucking owl much? lol
@dumbidiot1119 · 1 year ago
I feel like if someone doesn't know how to right click they should focus on stuff a little simpler at the moment
@magicboys2010 · 1 year ago
Hey John, are you coming to the Black Hat event in MIDDLE EAST AND AFRICA, located in Riyadh, Saudi Arabia on 15-17 November 2022? You should cooooome!! I want to take a pic with yaa :p
@JUSTHACKED · 1 year ago
People commenting without watching the video
@jakeswick1843 · 1 year ago
Ayeeee
@tagKnife · 1 year ago
CTF challenges where the answer is the first result on Google. YAWN. This ain't a CTF, it's a skid playground.
@tehwinsam3522 · 1 year ago
John, considering cutting your hair? haha. Just asking >#
@AGASTRONICS · 1 year ago
Oops
@Pavankumar0732 · 1 year ago
You have not replied to my email..!
@cirklare · 1 year ago
You can use pdf-parser to get information about a PDF and to know if it contains malware (CVE-2010-1240, Adobe Reader v9.x/8.x):
$ pdf-parser evil.pdf | grep exe
The result will be like: /F (cmd.exe)
Then it's malware.