all InfoSec news
HackTheBox RegistryTwo
Feb. 3, 2024, 3 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap
03:10 - Enumerating port 5000/5001 to see a Docker Registry and Auth Server
06:10 - Creating our auth token for the Docker Registry
08:45 - Adding the SSL Cert to our certificate store, then doing a docker pull to download and run the container
13:00 - Discovering JSESSIONID Cookie, attempting the weird directory traversal bug of /..;/ (nginx directory didn't have a trailing slash on the location)
16:45 - The Examples directory …
auth cert certificate container cookie docker doing download hackthebox nmap port registry run server ssl start store token
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Application Security Engineer - Enterprise Engineering
@ Meta | Bellevue, WA | Seattle, WA | New York City | Fremont, CA
Security Engineer
@ Retool | San Francisco, CA
Senior Product Security Analyst
@ Boeing | USA - Seattle, WA
Junior Governance, Risk and Compliance (GRC) and Operations Support Analyst
@ McKenzie Intelligence Services | United Kingdom - Remote
GRC Integrity Program Manager
@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City