HackTheBox - Perspective - Exploiting and Securing DotNet Web Applications ViewState

00:00 - Intro 01:00 - Start of nmap 02:25 - Looking at the website, looks like there’s different behavior for extensions 05:10 - Registering and logging into an account 06:30 - An unintended way to login, IDOR within the Forgot Password logic, can change usernames 09:15 - Uploading a new product, test XSS, File Upload 12:00 - Using FFUF with a raw http request to test for potential extensions 18:10 - Using SHTML to test for Server Side Inclusion SSI and leaking 21:15 - Going over the , pulling out sensitive things 26:30 - Decrypting the .aspx Forms Ticket and forging a new one that states we are admin 36:50 - The Admin page allows us to generate PDF’s, testing for XSS 38:20 - Attempting to redirect the save to pdf function with a meta tag 42:50 - Redirecting to localhost:8000 and discovering the swagger api for encrypt/decrypt 46:00 - Creating a webform to autosubmit data and allow us to decrypt a string. 51:00 - Creating a YSOSERIAL Gadge
Back to Top