Starting with the nmap scan, two ports are found to be open.


Starting the initial scan with autorecon, we found two ports open: 22 and 8080


INITIAL FOOTHOLD

Starting with the initial scan of the box, we found that no service was running except SMB on port 445.

nmap -sV -sC 10.10.10.178 -O scan_result.txt


FLASK

The very first thing that should catch our attention is that it is a Flask application, so one should check for SSTI (server-side template injection). Now the job is to identify which SSTI engine is in use. Using the payload

{{7*7}}

the output 7777777 in the response box indicates that it is…



JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. …


Malicious File Upload

A large number of the bugs found these days are XSS, SQL injection, IDOR, etc. However, even a bug of low complexity but high severity can score you a good bounty. All you need is creativity.

There is a website, let’s say redacted.com (for bug disclosure reasons), that provides users…

Cyb3rlant3rn

Security Engineer|Bug Hunter twitter-@Cyb3rlant3rn
