Learn how the recent Okta breach exposed HAR files and how SSPM solutions help prevent session hijacking, unauthorized access, and SaaS security threats.| www.reco.ai
The website on Codify offers a JavaScript playground using the vm2 sandbox. I’ll abuse four different CVEs in vm2 to escape and run commands on the host system, using that to get a reverse shell. Then I’ll find a hash in a sqlite database and crack it to get the next user. For root, I’ll abuse a script responsible for backup of the database. I’ll show two ways to exploit this script by abusing a Bash glob in an unquoted variable compare.| 0xdf hacks stuff
It’s always useful to know as much as possible about the technology stack behind a web application in order to exploit it. One simple way to get information about an application is to look at the 404 not found page. If the site hasn’t created a custom 404 page, it can be used to fingerprint the framework / language being used by the site.| 0xdf hacks stuff
Bash Pitfalls| mywiki.wooledge.org
Zipping has a website with a function to upload resumes as PDF documents in a Zip archive. I’ll abuse this by putting symlinks into the zip and reading back files from the host file system. I’ll get the source for the site and find a filter bypass that allows SQL injection in another part of the site. I’ll use that injection to write a webshell, and include it exploiting a LFI vulnerability to get execution. For root, I’ll abuse a custom binary with a malicious shared object. In Beyon...| 0xdf hacks stuff
The seven medium challenges presented challenges across the Web Security, Fun, Network Security, Forensic, Crypto, and Reverse Engineering categories. While I’m not always a fan of cryptography challenges, both day 13 and 14 were fantastic, the former having me abuse a weak hash algorithm to bypass signing requirements, and the latter having me recover an encrypted file and key from a core dump. There’s also a Bash webserver with an unquoted variable, a PCAP with a flag in the TCP source ...| 0xdf hacks stuff