HackTheBox - FormulaX

00:00 - Introduction
01:00 - Start of nmap
04:30 - Examining the Change Password functionality
06:20 - Discovering XSS In the Contact Form
11:15 - Building an XSS Cradle that manipulates the DOM to load an external JS file
18:35 - Creating an XSS that will interact with the webchat and exfil messages back to us
26:30 - Discovering a new subdomain from the Online Chat
30:15 - Showing why we could not use Script SRC with our XSS Attack and why we used the DOM Technique
37:34 - Looking at the Git Auto Report Generating and discovering it uses simple-git v3.14 which has an RCE Vulnerability
44:40 - Shell on the box, dumping the mongo database
52:00 - Shell as Frank_Dorky
52:30 - Looking at the services running on the box to enumerate what each port is
55:30 - Showing bad permissions on the LibreNMS Directory which allows us to read and execute files in /opt/librenms
59:30 - Using the Templates in LibreNMS to get code execution
01:04:00 - Showing the intended way to exploit LibreNMS which is using a malicious SNMP Trap to attack an admin via XSS
01:17:30 - Exploiting the OpenOffice network port
