Date: 17th Oct – Thursday
Time: 10:30-11:30
Location: Ballroom B
With the rising popularity of bug bounty programs within companies, more and more people are trying to make a living doing ethical hacking. But while low-hanging bugs are still easy to find, earning a big bounty can be difficult. Most of the public writeups we see only scratch the surface and fail to demonstrate real impact. The goal of this talk is to give hunters advice on how to transform low-impact bugs into more valuable ones. We will use CTF techniques for pivoting, applied to real-world applications.
We will explore 3 different scenarios:
– First, we will exploit a self-XSS and a missing CSRF token, two low-impact bugs. Chained together, and with the use of JS service workers, they allow an attacker to take persistent control of a victim's browser even after the bug is fixed.
– Then I will demonstrate how to get root access on a server running Docker using only an SSRF attack. The server will be running NodeJS with Axios as its HTTP client.
– Finally, we will use a template injection in a Flask application to exfiltrate private data from a read-only server by injecting a backdoor directly into memory. This will include a demonstration of a new tool built to help hunters exploit this kind of vulnerability. The tool allows logging, redirecting and modifying the incoming traffic.