all InfoSec news
HackTheBox - Mailroom
Aug. 19, 2023, 3 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap, discovering two different OS's
02:30 - Running Gobuster to bruteforce VHOST
03:30 - Discovering XSS but nothing we can really do with it
04:00 - Enumerating Gitea, discovering a repo with some source code
05:40 - Opening the code with VS Code and Snyk. Discovering a RCE Vulnerability but requires login
07:30 - Discovering an EAR (Execute After Read) Vulnerability on Authentication
09:10 - Start of building our Javascript payload to exploit …
bruteforce code gobuster hackthebox introduction nmap rce repo running snyk source code start vs code vulnerability xss
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Risk and compliance specialist
@ ZainCash | Baghdad, Baghdad Governorate, Iraq
Information Security Compliance Analyst
@ Evelyn Partners | Liverpool, United Kingdom
Director of Security Engineering
@ Kasada | Melbourne