How I escalated default credentials to Remote Code Execution
April 3, 2023, 2:54 a.m. | Pawan Chhabria
InfoSec Write-ups - Medium infosecwriteups.com
Hello all. We all know recon is very important to get P1 bugs. Shodan and Censys are probably the best search engines. I have been testing a lot of application logic issues, so I thought of learning some recon as well.
Please note: the domain and other details have been masked for confidentiality purposes.
Recently, I came across an application which was using Tomcat. Let's take the domain as www.example.com. The first thing I did was brute forcing Tomcat …