can you hack this screenshot service?? - CSCG 2021

Subscribers: 920,000
Video Link: https://www.youtube.com/watch?v=FCjMoPpOPYI

Duration: 22:48
147,936 views


I made a web hacking challenge for the Cyber Security Challenge Germany (CSCG) 2021.

Grab the files: https://github.com/LiveOverflow/ctf-screenshotter
Cyber Security Challenge Germany: https://www.cscg.de/

00:00 - Introduction to screenshotter app
00:58 - Set up the challenge
01:38 - First overview of functionality
03:07 - Review application architecture
03:51 - The chrome service
04:19 - The main app service
05:07 - Chrome service IP leak
06:22 - The app secret
06:54 - Methodology: go for complex features
09:22 - The flagger/admin service
11:30 - First attack idea: XSS
11:55 - Reviewing flask templates
13:09 - Useless self-XSS?
13:38 - Bypass demo restriction
15:45 - Using the Chrome SSRF?
17:00 - Leak websites of other users
18:31 - THE EXPLOIT!
22:04 - Outro

Tags: Live Overflow, liveoverflow, hacking tutorial, how to hack, exploit tutorial, ctf, cscg, capture the flag, cyber security challenge, germany, ecsc, european cyber, cybersecurity, web hacking, bug bounty, headless chrome, docker, container, internal service, ssrf, self-xss, flask, jinja2, template engine, chaining bugs, chain bugs, walkthrough, solution, hacking tutorial 2021, ethical hacking, bug bounty hunting, self-xss attack