all InfoSec news
HackTheBox - Sau
Jan. 6, 2024, 4:22 p.m. | IppSec
IppSec www.youtube.com
00:40 - Start of nmap
02:00 - Examining the website, playing with the basket, trying SSTI/SQL Injection special characters
04:30 - Looking at the settings, discovering we can perform a SSRF and get the response back. Grabbing localhost:80
06:10 - The local website runs maltrail 0.53, examining the exploit then manually exploiting it to get a shell
09:10 - Shell returned, checking if we really needed to encode the payload
13:00 - When systemctl runs status, it …
back characters exploit exploiting grabbing hackthebox injection local localhost nmap response settings special sql sql injection ssrf ssti start website
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Principal Security Analyst - Threat Labs (Position located in India) (Remote)
@ KnowBe4, Inc. | Kochi, India
Cyber Security - Cloud Security and Security Architecture - Manager - Multiple Positions - 1500860
@ EY | Dallas, TX, US, 75219
Enterprise Security Architect (Intermediate)
@ Federal Reserve System | Remote - Virginia
Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Associate -- Dallas
@ Goldman Sachs | Dallas, Texas, United States
Vulnerability Management Team Lead - North Central region (Remote)
@ GuidePoint Security LLC | Remote in the United States