HackTheBox - CozyHosting
March 2, 2024, 3 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap
03:10 - Identify JSESSIONID with nginx, but nginx appears to be configured correctly
06:00 - Googling the error message to identify the page uses SpringBoot, using a SpringBoot wordlist to find actuators!
10:30 - Using the Sessions Actuator and seeing a session for kanderson, logging in to get to the admin interface
14:15 - Finding RCE in the ExecSSH Page
23:20 - Shell on CozyHosting, looking at running services
26:00 - Examining …