HackTheBox - Editorial

Name: HackTheBox - Editorial
Uploaded: 2024-10-19T15:00:45Z
Channel: IppSec
Description: 00:00 - Introduction 00:47 - Start of nmap 02:00 - Discovering the webserver is likely running Flask 03:30 - Discovering a SSRF in the request to publis...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 00:47 - Start of nmap 02:00 - Discovering the webserver is likely running Flask 03:30 - Discovering a SSRF in the request to publish books, showing we could leak the servers IPv6 Address but its not too useful here 07:30 - Using FFUF to fuzz all open ports on localhost to discover port 5000 is open which is an API Server 11:25 - Looking at the messages endpoint, which discloses a password for dev which we can SSH With 17:10 - Discovering a git directory, searching git commits for the word prod and getting another password 19:40 - The Prod user can run a python script which…

Watch on YouTube ↗ (saves to browser)

Chapters (8)

Introduction

0:47 Start of nmap

2:00 Discovering the webserver is likely running Flask

3:30 Discovering a SSRF in the request to publish books, showing we could leak the

7:30 Using FFUF to fuzz all open ports on localhost to discover port 5000 is open w

11:25 Looking at the messages endpoint, which discloses a password for dev which we

17:10 Discovering a git directory, searching git commits for the word prod and getti

19:40 The Prod user can run a python script which is using the python git library, w

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →