all InfoSec news
HackTheBox - Extension
March 18, 2023, 3 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap, then discovering a laravel app
05:00 - Laravel app uses Ziggy which exposes a list of all the routes
07:50 - Finding the /management/dump endpoint but we keep getting page expired (missing some headers)
12:50 - Using ffuf to brute-force the management/dump endpoint
15:55 - Dumping a list of users and then cracking them
21:30 - Enumerating virtualhosts, then looking at the roundcube version
27:50 - Discovering the first 32 characters of …
app brute brute-force cracking dumping endpoint expired extension hackthebox headers laravel list management missing nmap start version
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Level 1 SOC Analyst
@ Telefonica Tech | Dublin, Ireland
Specialist, Database Security
@ OP Financial Group | Helsinki, FI
Senior Manager, Cyber Offensive Security
@ Edwards Lifesciences | Poland-Remote
Information System Security Officer
@ Booz Allen Hamilton | USA, AL, Huntsville (4200 Rideout Rd SW)
Senior Security Analyst - Protective Security (Open to remote across ANZ)
@ Canva | Sydney, Australia