00:00 - Introduction
00:46 - Start of nmap
05:30 - Looking at CVE-2023-43208, Exploiting Mirth Connect 4.4.0
07:45 - Extracting the payload from Python so we can send it via the API, getting ping to work to verify RCE
09:22 - Getting a reverse shell working in one-shot, weird oddity due to Java Deserialization
13:10 - Reverse shell returned, dumping the database
16:00 - Looking at Mirth Connect Source Code to see how the passwords are stored, then getting the passwords in a format hashcat likes to crack
27:00 - SSH as Sedric, discovering an app listening on port 54321, doing some weird eval
36:20 - Getting a payload to the custom webserver, troubleshooting XML Schema validation
40:20 - Confirming code execution then building a payload to get a shell