

OverGraph

Operating system: Linux
Difficulty: Hard
IP: 10.10.11.157
Retirement date:
Skills

- Virtual Hosting
- Information Leakage
- Open Redirect Exploitation
- Open Redirect to XSS (Cross-Site Scripting) - Playing with eval/atob
- Open Redirect + XSS evasion technique to fetch an external resource (1st way) [Not working at all]
- XSS Exploitation - Loading an encoded-URL external file via document.body.innerHTML (2nd way) [Success]
- Subdomain Enumeration - Gobuster
- JS File Inspection - Information Leakage
- API Enumeration
- Abusing API - Attempting to register a new user
- NoSQL Injection - OTP Code Bypass
- Abusing API - We have been able to register a new user
- Abusing CHAT - A user checks our links
- Abusing CHAT - Link Inspection + Open Redirect + XSS
- Creating a malicious JS file - Controlling the flow of requests
- JWT Inspection
- Creating a Bash script to enumerate valid users through the API
- Abusing API - We found 3 valid users
- Inspecting the LocalStorage
- LocalStorage Headers Manipulation - Attempting to impersonate a user [Failed]
- LocalStorage Headers Manipulation - Assigning admin privileges to our user
- LocalStorage Headers Manipulation - We found a new file upload field
- File Upload Attempt (No admintoken header present) [Failed]
- CSTI (Client Side Template Injection) Exploitation
- Stored/Reflected XSS (Cross-Site Scripting) Attack - AngularJS
- AngularJS XSS + LocalStorage Data Fields Exfiltration
- GraphQL Enumeration
- Abusing GraphQL - Basic Enumeration (Listing the names of all the types being used)
- Abusing GraphQL - Extracting all the types and their arguments
- Abusing GraphQL - Causing errors to list sensitive data
- Abusing GraphQL - Enumerating Database Schema via Introspection
- GraphQL Voyager - Visualizing the data through Introspection
- Abusing GraphQL - Creating our own queries in order to list users' information
- Abusing LocalStorage - User Impersonation (ID included) [Success]
- Open Redirect + XSS + CSTI + JS Malicious File + GraphQL Concatenated Attack - Stealing adminToken
- We managed to obtain the adminToken by updating the profile using the previous attack
- Abusing File Upload - FFmpeg Exploitation
- External SSRF and Local File Read via video upload due to vulnerable FFmpeg HLS processing
- Creating specially designed m3u8 and avi files
- Local File Read - Data Exfiltration through FFmpeg exploitation
- FFmpeg exploitation - Reading SSH private key (user id_rsa)
- Gaining access via SSH as the user 'user'
- Abusing Node Project - Manipulating the service logic to inject commands as root [Unintentional way]
- We were able to assign SUID privileges to the system bash

Writeups

Language   Author    Format   Link
🇪🇸 ES      S4vitar   Video    Open
🇬🇧 EN      0xdf      Text     Open
🇬🇧 EN      IppSec    Video    Open

Skill resources

Curated documentation for each technique listed in the Skills column above. Sources: HackTricks, GTFOBins, PortSwigger, etc.
Skill                            Source       Link
Cross-Site Scripting (XSS)       HackTricks   Open
SQL Injection                    HackTricks   Open
Directory fuzzing                HackTricks   Open
Server-Side Request Forgery      HackTricks   Open
SUID binaries                    GTFOBins     Open
Remote Code Execution (RCE)      HackTricks   Open