HackTheBox - Snoopy

00:00 - Introduction
01:00 - Start of nmap, discovering ssh/dns/http
02:30 - Taking a look at the website
04:00 - Discovering a message about DNS, taking a look at the DNS and discovering zone transfers are enabled
09:40 - Identifying the website is running with PHP Enabled, then running gobuster
13:00 - Attacking the file download and discovering File Disclosure
15:35 - We got lucky discovering the File Disclosure filter bypass, using FFUF which would be make catching this more …

dns download file gobuster hackthebox http introduction message nmap php running ssh start website