HackTheBox - Imagery

Name: HackTheBox - Imagery
Uploaded: 2026-01-24T15:00:13+00:00
Channel: IppSec
Description: 00:00 - Introduction 00:45 - Start of nmap 04:00 - Viewing the Flask Cookie with Flask-Unsign 07:30 - Discovering the Report Bug endpoint which is vulne...

IppSec · Beginner ·🔐 Cybersecurity ·2mo ago

00:00 - Introduction 00:45 - Start of nmap 04:00 - Viewing the Flask Cookie with Flask-Unsign 07:30 - Discovering the Report Bug endpoint which is vulnerable to XSS and HTTP Only is false allowing us to steal cookies 08:15 - Another way to discover XSS, look at JavaScript in PageSource which leaks a lot of information 12:40 - Stealing the session cookie with img src xss payload 15:55 - Finding a File Disclosure then leaking the application source code 18:40 - Using Curl to download all the source code, making it easier to do source code analysis 24:00 - Using OpenGrep to locally run a basic st…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

0:45 Start of nmap

4:00 Viewing the Flask Cookie with Flask-Unsign

7:30 Discovering the Report Bug endpoint which is vulnerable to XSS and HTTP Only i

8:15 Another way to discover XSS, look at JavaScript in PageSource which leaks a lo

12:40 Stealing the session cookie with img src xss payload

15:55 Finding a File Disclosure then leaking the application source code

18:40 Using Curl to download all the source code, making it easier to do source code

24:00 Using OpenGrep to locally run a basic static code analysis on the app

28:20 Abusing the Command Injection to get a shell

32:50 Discovering an AES Encrypted zip, copying it to our box then cracking with aes

37:30 Using pyAesCrypt to decrypt the file

40:20 Exploiting the custom binary Charcol

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →