HackTheBox - Editorial
00:00 - Introduction 00:47 - Start of nmap 02:00 - Discovering the webserver is likely running Flask 03:30 - Discovering a SSRF in the request to publish books, showing we could leak the servers IPv6 Address but its not too useful here 07:30 - Using FFUF to fuzz all open ports on localhost to discover port 5000 is open which is an API Server 11:25 - Looking at the messages endpoint, which discloses a password for dev which we can SSH With 17:10 - Discovering a git directory, searching git commits for the word prod and getting another password 19:40 - The Prod user can run a python script which is using the python git library, which has an RCE CVE. We can use the Shell Extension in the URL to execute code
▶︎
HackTheBox - Nanocorp
▶︎
Most Devs Get API Authentication Wrong ?
▶︎
twomillion HTB walkthrough | ethical hacking on hackthebox | CBBH Prep
▶︎
How Ticketmaster sells 20,000 seats to 500,000 fans without ever double-selling one
▶︎
SQLi, SSTI & Docker Escapes / Mounted Folders - HackTheBox University CTF "GoodGame"
▶︎
HackTheBox – Principal (by IppSec) Walkthrough | pac4j-jwt, SSH CA Exploitation
▶︎
She Was Trying to Cut It With Scissors and The Grass Was Taller Than My Mowers
▶︎
HackTheBox - Interpreter
▶︎
Anthropic is Completely F*cked.
▶︎
Hack The Box Hacking Battlegrounds - Cyber Mayhem Gameplay with Ippsec
▶︎
HackTheBox - Dog
▶︎
Wie schlägt sich unsere Regierung? Halbzeitanalyse mit Fabian Köster | heute-show
▶︎
AI Does Something Horrifying To Human Thinking
▶︎
HackTheBox - VariaType
▶︎
Hacking Bank from Hackthebox | HTB Bank Walkthrough | Ethical Hacking
▶︎
Der schlimmste Pharmakonzern Deutschlands
▶︎
I Built Retracting Casters that are Actually GOOD
![PINK & ORANGE GRADIENT IN HD [3 HOURS]](https://i.ytimg.com/vi/6ih8zppfQSQ/hq720.jpg?sqp=-oaymwE1CNAFEJQDSFryq4qpAycIARUAAIhCGAHwAQH4Af4JgALQBYoCDAgAEAEYfyAsKBMwD7gC9xg=&rs=AOn4CLAUEb5z8CwP9EWlTCjCFdRosNmujA&usqp=CCc)
▶︎
PINK & ORANGE GRADIENT IN HD [3 HOURS]
▶︎
Something Is Seriously Wrong With People?
▶︎