HackTheBox - Busqueda | allinfosecnews.com

Aug. 12, 2023, 3:05 p.m. | IppSec

IppSec www.youtube.com

00:00 - Introduction
01:00 - Start of the nmap
04:20 - Copying the request in burpsuite to a file so we can use FFUF to fuzz
06:00 - Just testing for SSTI
06:45 - Found two bad characters, putting a comment after a bad character to see where it is failing
08:20 - Discovering we can append to the string, then trying for executing code with print to test for eval statements
10:00 - Getting a reverse shell
15:00 - …

bad burpsuite characters ffuf file fuzz hackthebox introduction nmap request ssti start testing

More from www.youtube.com / IppSec

HackTheBox - Analysis 16 hours ago | www.youtube.com

analysis bruteforce can css +16

HackTheBox - Bizness 1 week ago | www.youtube.com

access authentication authentication bypass bypass +13

HackTheBox - Ouija 2 weeks ago | www.youtube.com

api cve domain ffuf +16

HackTheBox - Monitored 3 weeks ago | www.youtube.com

can community data default +7

HackTheBox - Napper 4 weeks ago | www.youtube.com

blog blog post bruteforce credentials +11

HackTheBox - Devvortex 1 month ago | www.youtube.com

application config deep dive dev +11

HackTheBox - Surveillance 1 month, 1 week ago | www.youtube.com

box cms exploit github +9

HackTheBox - Hospital 1 month, 2 weeks ago | www.youtube.com

can disabled docker files +16

HackTheBox - Codify 1 month, 3 weeks ago | www.youtube.com

blocked code code execution cracking +18

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com