HackTheBox - Mailing

Name: HackTheBox - Mailing
Uploaded: 2024-09-07T15:00:41Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap, discovering potential username convention from SSL Certificate 04:10 - Checking out the website 07:15 - Exam...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap, discovering potential username convention from SSL Certificate 04:10 - Checking out the website 07:15 - Examining the request being made to download the PDF and talking about how Metadata can leak if it came from disk or the webapp 09:45 - Discovering File Disclosure in the download script 12:00 - Downloading the hMailServer configuration file, to get credentials 15:15 - Discovering the credentials work with SMTP 17:24 - Talking about the Moniker Link (CVE-2024-21413) vulnerability and sending a malicious document to Maya to get NTLM Hash 24:30 - Dis…

Watch on YouTube ↗ (saves to browser)

Chapters (10)

Introduction

1:00 Start of nmap, discovering potential username convention from SSL Certificate

4:10 Checking out the website

7:15 Examining the request being made to download the PDF and talking about how Met

9:45 Discovering File Disclosure in the download script

12:00 Downloading the hMailServer configuration file, to get credentials

15:15 Discovering the credentials work with SMTP

17:24 Talking about the Moniker Link (CVE-2024-21413) vulnerability and sending a ma

24:30 Discovering what Maya can do, nothing interesting in the share but she can Win

29:00 Discovering LibreOffice 7.4.0.1 is being ran, exploiting it with CVE-2023-2255

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →