all InfoSec news
HackTheBox - Encoding
April 15, 2023, 3:03 p.m. | IppSec
IppSec www.youtube.com
00:57 - Start of nmap
02:45 - Checking out the API Documentation
04:00 - Interacting with the API Server
05:15 - Showing the file_url, parameter and showing we can access local files
06:36 - Building a webserver in Flask to make some middleware to exploit this SSRF, allowing us to easily download files from the webserver
09:50 - Our middleware works! Can download files off the server.
11:15 - Downloading the apache2 configuration to find where all …
access api api documentation configuration discover documentation download encoding exploit files find flask gobuster hackthebox hidden introduction local middleware nmap parameter server ssrf start webserver
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)