15-08-25, 02:39 AM
Hi EvilByte with You !
Today I present : Herriot Watt University , Unprotected Kong Api Metrics !
![[Image: main-reception-statue.xf49a521a.png?w=80...0&fit=crop]](https://www.hw.ac.uk/image-library/main-reception-statue.xf49a521a.png?w=800&h=800&fit=crop)
Target_access : https://portal.hw.ac.uk/metrics/
What You can DO ? :
[*]Pulls
[*]Extracts all service names
[*]leaks:
[*]Discover internal hostnames (
,
,
…)
[*]Learn directory structure and routes for other APIs
[*]Identify admin dashboards like
,
,
[*]Enumerate users (
) for targeted attacks
[*]Guess high-traffic endpoints for exploitation priority
[*]Its For Free !
[*]Best Regards, EvilByte
[*]Telegram : https://t.me/EVILbyteOFFICIEL
[*]
Today I present : Herriot Watt University , Unprotected Kong Api Metrics !
Target_access : https://portal.hw.ac.uk/metrics/
What You can DO ? :
[*]Pulls
Code:
/metrics[*]Extracts all service names
[*]leaks:
- Internal service hostnames
- Route paths
- Workspace names
- Usernames
- Traffic patterns
[*]Discover internal hostnames (
Code:
alerts-apiCode:
files-apiCode:
identity-services[*]Learn directory structure and routes for other APIs
[*]Identify admin dashboards like
Code:
grafanaCode:
kibanaCode:
consul-ui[*]Enumerate users (
Code:
dave.forrester[*]Guess high-traffic endpoints for exploitation priority
[*]Its For Free !
[*]Best Regards, EvilByte
[*]Telegram : https://t.me/EVILbyteOFFICIEL
[*]