Feb. 3, 2024, 3 p.m. | IppSec

IppSec www.youtube.com

00:00 - Intro
01:00 - Start of nmap
03:10 - Enumerating port 5000/5001 to see a Docker Registry and Auth Server
06:10 - Creating our auth token for the Docker Registry
08:45 - Adding the SSL Cert to our certificate store, then doing a docker pull to download and run the container
13:00 - Discovering JSESSIONID Cookie, attempting the weird directory traversal bug of /..;/ (nginx directory didn't have a trailing slash on the location)
16:45 - The Examples directory …

auth cert certificate container cookie docker doing download hackthebox nmap port registry run server ssl start store token

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

Field Account Executive

@ Darktrace | Americas

Account Executive

@ Darktrace | Los Angeles

Field Account Executive

@ Darktrace | Michigan, United States

Field Account Executive

@ Darktrace | Ohio, United States

Named Account Manager - Telco & Enterprise, Thailand

@ Palo Alto Networks | Bangkok, Thailand