HackTheBox - Photobomb
Feb. 11, 2023, 3:30 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap
02:17 - Discovering this is a Ruby Sinatra web app based upon the error message
03:15 - Discovering credentials in JavaScript
04:30 - Examining the HTTP Request to resize images and discovering an RCE
10:10 - Getting a reverse shell
11:12 - Discovering we have SETENV with sudo on a script, checking for path injection
12:30 - Exploiting path injection with the find command
16:00 - Exploiting path injection because the script disables …