Don't Ruck Us Too Hard - Owning All of Ruckus AP Devices
- 1 Intro
- 2 Ruckus Networks Equipment
- 3 echo SUSER
- 4 R510 Unleashed
- 5 Firmware
- 6 Dockerized QEMU
- 7 Server Web Directory
- 8 Fetching rpmkey
- 9 CLI Jailbreak
- 10 Retrieving function names
- 11 Web interface - authentication mechanism
- 12 Web interface - Session check
- 13 Standard ajax request
- 14 Unauth ajax request
- 15 Exploitation
- 16 What about command injection?
- 17 sys_wrapper.sh
- 18 Weird stuff
- 19 Session needed
- 20 Zap to the rescue
- 21 Arbitrary file write
- 22 Zapd server
- 23 Zap command
- 24 Chained vulnerabilities
- 25 Conclusions
- 26 Post Research
- 27 Final thoughts