all InfoSec news
HackTheBox - Analytics
March 23, 2024, 3 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap
03:20 - Discovering Metabase, noticing the HTTP Headers are different. Checking TTL just to see if it decrements from the main web page.
07:00 - Searching for an exploit for metabase, then enumerating version
09:30 - Manually exploiting Metabase by pulling the setup-token, then getting injection on the /setup/validate endpoint through the JDBC Driver
15:50 - Reverse shell returned
18:30 - Discovering credentials in the environment variables, then ssh into the box …
analytics exploit exploiting hackthebox headers http injection introduction main nmap page start token ttl version web
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)
@ WWC Global | Reston, Virginia, United States
Security Architect (DevSecOps)
@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
Infrastructure Security Architect
@ Ørsted | Kuala Lumpur, MY
Contract Penetration Tester
@ Evolve Security | United States - Remote
Senior Penetration Tester
@ DigitalOcean | Canada