DOM Clobbering, Prototype Pollution and XSS - "sanity" Walkthrough [Amateurs CTF 2023]

Video walkthrough for "sanity", a web challenge from Amateurs CTF 2023. The challenge involved DOM clobbering, prototype pollution and XSS. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #AmateursCTF #CTF #Pentesting #OffSec #WebSec

You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blo... 🥰

↢Social Media↣
Twitter: _cryptocat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: cryptocat
Reddit: _cryptocat23
YouTube: cryptocat23
Twitch: cryptocat23

↢Amateurs CTF↣
https://ctf.amateurs.team/challs

↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundati...
PwnTools: https://github.com/Gallopsled/pwntool...
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentestin...
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run

↢Chapters↣
0:00 Start
0:33 Explore functionality
1:35 Code review
5:15 Vulnerability chain breakdown
8:48 Browser issue detour
9:27 Attack plan
10:22 Step 1: Clobber the DOM
13:16 Step 2: Prototype Pollution
17:42 Step 3: XSS (steal cookie)
20:27 Recap
23:31 End
