2020-09-28

[public] 23.8K views, 1.29K likes, 9.00 dislikes audio only

LiveOverflow

All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.

Challenge: https://capturetheflag.withgoogle.com/challenges/web-littlethings

Pasteurize: /youtube/video/Tw7ucd2lKBk

00:00 - Intro

00:50 - Functionality Overview

01:29 - HTML Injection

02:25 - Making a Plan

02:50 - theme.js Discovering JSONP Endpoint

03:51 - user.js The User Class

04:23 - utils.js Start of Chain

04:44 - No Ideas...

05:07 - DOM Clobbering: window.load_debug

06:05 - Doing Security Research

07:25 - Anything else to clobber?

07:49 - Start from beginning, discover __debug__

08:10 - The load_debug() function

09:20 - window.name is special

09:41 - Try it yourself!

10:00 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-