Finding 0days in Enterprise Web Applications

Finding 0days in Enterprise Web Applications

NahamSec via YouTube Direct link

Mapping out the attack surface

23 of 32

23 of 32

Mapping out the attack surface

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Finding 0days in Enterprise Web Applications

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 What is HCL Digital Experience /IBM Websphere Portal
  3. 3 Decompiling JARS
  4. 4 Finding The Attack Surface
  5. 5 Finding the endpoint . One of the hardest bits of source code analysis when finding bugs through grep is identifying the endpoint that the configfiles/code are triggered by . This one was easy, they …
  6. 6 Chaining a Lotus Domino Open Redirect
  7. 7 Variant Hunting • Discovering other occurrences of similar vulnerabilities
  8. 8 Super SSRF
  9. 9 Variant Hunting #2
  10. 10 Chaining the vulnerability through IBM KC
  11. 11 Fail: Another attempt at XXE
  12. 12 Post Auth RCE via Directory Traversal
  13. 13 References
  14. 14 What is Solarwinds Web Help Desk? . Basically a central ticket management system for your enterprise • Connect with Solarwinds Orion
  15. 15 Development Hardcoded Credentials
  16. 16 Production Hardcoded Credentials
  17. 17 What does this let us access? . These credentials let us access a big part of the Spring web app embedded in this software . The most interesting controller for this was found at /helpdesk/WEB-INF
  18. 18 Hibernate Query Routes
  19. 19 Putting it all together
  20. 20 Exploit Writeup
  21. 21 What is Sitecore's Experience Platform?
  22. 22 Grabbing Sitecore Source Code
  23. 23 Mapping out the attack surface
  24. 24 Discovering the vulnerable endpoint . When we investigated some of the files inside the sitecore/hel directory, we following contents
  25. 25 Report.cs
  26. 26 ReportDataSerializer.cs
  27. 27 Crafting a payload
  28. 28 Final RCE Payload
  29. 29 Blob Handler.ashx
  30. 30 Encryption Function
  31. 31 Getting the Master Key
  32. 32 Default Master Key

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.