Student Reviews
( 5 Of 5 )
1 review
Video of Demonstrating XSS,RCE and PostgreSQL Exploitation HackTheBox RedCross in Web PenTesting course by Motasem Hamdan Cyber Security & Tech channel, video No. 15 free certified online
RedCross From HackTheBox was like a maze, with several different paths to achieve shell and root. We'll start by listing a website and demonstrating two distinct techniques, SQL injection and XSS, for obtaining a cookie that may be used to access the admin panel. Then, using either an exploit in the Haraka SMTP server or an injection into a webpage and manipulation of the PostgreSQL database that manages the users in the ssh jail, We'll gain access to the box as Penelope. Finally, We'll demonstrate three different ways to escalate to root, as well as two additional approaches that involve the database among them.
Receive Cyber Security Field Notes, Certification Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
HackTheBox Red Cross
https://www.hackthebox.com/machines/redcross
Writeup
https://motasem-notes.net/demonstrating-xssrce-and-postgresql-exploitation-hackthebox-red-cross/
Patreon
https://www.patreon.com/motasemhamdan?fan_landingtrue
Instagram
https://www.instagram.com/dev.stuxnet/
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Website
https://www.motasem-notes.net
Backup channel
https://www.youtube.com/channel/UCF2AfcPUjr7r8cYuMvyRTTQ
My Movie channel:
https://www.youtube.com/channel/UCilElKPoXEaAfMf0bgH2pzA