Hack The Box Stocker Machine | Complete Walkthrough

  • Added 8. 09. 2024
  • In this video, we're going to solve the Stocker machine of Hack The Box.
    This machine is classified as an "easy" level challenge. It focuses on two specific techniques: SSRF (Server-Side Request Forgery) and API abuse in the context of dynamic PDF generation.
    SSRF (Server-Side Request Forgery) is a vulnerability that allows an attacker to make arbitrary requests from the perspective of the vulnerable server. In an SSRF attack, the attacker typically exploits a web application by sending crafted requests to internal or external resources that the vulnerable server can access. This can include accessing files, services, or resources that are not intended to be exposed or accessed by the attacker.
    Dynamic PDFs refer to PDF documents that are generated on-the-fly or customized based on user input or dynamic data. These PDFs can be generated using server-side scripting languages, such as PHP, Python, or JavaScript. The content and structure of the PDF can be dynamically generated based on the input or data provided.
    Combining SSRF with dynamic PDF generation could potentially lead to security issues if the SSRF vulnerability allows the attacker to manipulate the PDF generation process. For example, an attacker could attempt to forge requests to access sensitive files or services during the PDF generation process, resulting in unauthorized access or information disclosure.
    IMPORTANT LINKS:
    Extracting your AWS Access Keys through a PDF file Article : www.triskelela...
    Reverse Shell: www.revshells....
    NoSQL JSON Bypass:
    book.hacktrick...
    Server Side XSS (Dynamic PDF)
    book.hacktrick...
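
The mitigation side of the SSRF-through-PDF issue described above, as an added example that is not taken from the video or the machine: a user-supplied field is placed into the HTML a PDF renderer will parse, first verbatim and then HTML-escaped. The function names, the order shape and the sample value are assumptions made for illustration.

```javascript
// Added illustration. renderUnsafe, renderSafe, isSuspiciousField and the
// order object shape are hypothetical names, not code from the target application.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let a value leave text context and become markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: the field is interpolated verbatim, so the server-side renderer
// parses any tag inside it and fetches whatever resource the tag references.
function renderUnsafe(order) {
  return `<html><body><h1>Order summary</h1><p>${order.title}</p></body></html>`;
}

// Hardened pattern: the field is escaped, so it reaches the PDF as literal text.
function renderSafe(order) {
  return `<html><body><h1>Order summary</h1><p>${escapeHtml(order.title)}</p></body></html>`;
}

// Detection aid for the API boundary: flag values that are not plain strings or
// that carry tags which make a renderer load a resource. Log or reject on a hit.
const RESOURCE_TAGS = /<\s*(iframe|img|script|link|object|embed|meta|base|svg)\b/i;
function isSuspiciousField(value) {
  return typeof value !== 'string' || RESOURCE_TAGS.test(value);
}

// Constructed sample input (internal.example is a placeholder host).
const SAMPLE_ORDER = { title: '<img src="http://internal.example/status">' };

console.log('unsafe:', renderUnsafe(SAMPLE_ORDER));
console.log('safe:  ', renderSafe(SAMPLE_ORDER));
console.log('flagged:', isSuspiciousField(SAMPLE_ORDER.title));
```

Escaping is the primary fix; running the renderer without local file access and without a network route to internal services limits the impact if a template misses a field.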
