all InfoSec news
HackTheBox - Download
Nov. 11, 2023, 3:02 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap
05:30 - Playing with the download file functionality, discovering the UUID is the file on disk and not column in database by prepending a slash
09:00 - Finding a File Disclosure vulnerability, extracting application source code, getting source code of the app
13:15 - Start of signing our own cookies, examining the sig cookie to discover it is 40 bytes which is likely sha1
16:00 - Playing with Cyber Chef to discover …
app application code column database disclosure disk download file hackthebox introduction nmap own signing source code start vulnerability
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC