HackTheBox - Vessel

00:00 - Introduction talking about how this box is about finding CVE's and building an exploit based upon exploit
00:50 - Start of nmap
03:00 - Running gobuster and showing the importance of using multiple wordlists.
05:00 - Attempting to register an account, which shows the endpoint /api/register but /api/ returns a 404
06:10 - Showing that raft-small-words wordlist won't discover .git but commons.txt will because commons has .git/HEAD
08:25 - Running Git-Dumper to extract the source then looking at …

account api box code commons cve discover endpoint exploit extract git git-dumper gobuster hackthebox head introduction nmap register start talking txt vulnerable wordlist wordlists