Exploiting Insecure Deserialization: Node-Serialize
HTML-код
- Опубликовано: 19 сен 2024
- Quick demo on how to exploit deserialization vulnerabilities using the Celestial machine from HTB:
Blog Post: TBA
SOCIALS📱
=========
Checkout my newsletter: www.navigating...
Recommended Courses:
PNPT Voucher: academy.tcm-se...
PEH Course: academy.tcm-se...
Python 101: academy.tcm-se...
Windows Priv Esc Course: academy.tcm-se...
Linux Priv Esc Course: academy.tcm-se...
thank you very much bro for "opening my eyes" and fresh idea of attack vector!
previously I missed idea (shame🤦🏻♂) that cookies and other similar stuff in base64 with JSON inside are... also processed by nodejs!
Brother, your explanations are fantastic! I can see you have a great understanding of deserialisation. Please keep your videos going, it’d be great to learn more from you. And of course, best wishes with your OSWE. You got this!
I appreciate that! More to come hopefully
7:47 - "Unexpected token " - it seems it expects token "" ! 🤣🤣🤣
Sorry, but I still can't understand how code executed from JSON's string parameter?
I didn't see eval() anywhere in the code (usually, in real life, in real sites nodejs backend codes) which process JSON input string fields 🙂
good luck on your OSWE
i appreciate that
stay consistent please bro
i'll try lol, work it kicking my ass
Can i start my cyber security journey (CCNA) with this one..Lenovo ThinkPad T470s Core i7-6600U 16GB 256GB SSD 1920x1080 IPS Backlit WWAN ..thank you
Yes.
yes