all InfoSec news
HackTheBox - Stocker
June 24, 2023, 3 p.m. | IppSec
IppSec www.youtube.com
00:56 - Start of nmap
02:15 - Running Gobuster in VHOST Detection mode to find the dev subdomain
03:50 - Intercepting a request to dev.stocker.htb and seeing an connect.sid cookie and x-powered-by header saying express, both indicating it uses NodeJS/Express
05:00 - Explaining why I'm trying these injections
07:00 - Bypassing login with mongodb injection by setting both username and password to not equals instead of equals
09:10 - Playing with the e-commerce store and seeing it …
bypassing connect cookie detection dev express find gobuster hackthebox header htb introduction login login with mode mongodb nmap request running sid start subdomain
More from www.youtube.com / IppSec
HackTheBox - Analytics
1 month, 1 week ago |
www.youtube.com
HackTheBox - Manager
1 month, 2 weeks ago |
www.youtube.com
HackTheBox - AppSanity
1 month, 3 weeks ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC
@ SAP | Dublin 24, IE, D24WA02
Product Security Response Engineer
@ Intel | CRI - Belen, Heredia
Application Security Architect
@ Uni Systems | Brussels, Brussels, Belgium
Sr Product Security Engineer
@ ServiceNow | Hyderabad, India
Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)
@ FiscalNote | United Kingdom (UK)