all InfoSec news
HackTheBox - Sau
Jan. 6, 2024, 4:22 p.m. | IppSec
IppSec www.youtube.com
00:40 - Start of nmap
02:00 - Examining the website, playing with the basket, trying SSTI/SQL Injection special characters
04:30 - Looking at the settings, discovering we can perform a SSRF and get the response back. Grabbing localhost:80
06:10 - The local website runs maltrail 0.53, examining the exploit then manually exploiting it to get a shell
09:10 - Shell returned, checking if we really needed to encode the payload
13:00 - When systemctl runs status, it …
back characters exploit exploiting grabbing hackthebox injection local localhost nmap response settings special sql sql injection ssrf ssti start website
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC