HackTheBox - Awkward

Name: HackTheBox - Awkward
Uploaded: 2023-02-25T15:00:23Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 02:00 - Taking a look at the web page, finding users on the site, and using FFUF to VHost Enumeration due to ...

IppSec · Beginner ·🧠 Large Language Models ·3y ago

00:00 - Introduction 01:00 - Start of nmap 02:00 - Taking a look at the web page, finding users on the site, and using FFUF to VHost Enumeration due to talking about a store 04:25 - Fingerprinting the websites, dev looks to be PHP and the main page appears to be Vue 07:55 - Exploring the vue app in Firefox Dev Tools, discovering some routes in the webpack which lead to an API 11:50 - An JWT error message is displayed when accessing some API Pages, removing the token and bypassing authentication 13:10 - Explaining why the web application skips authentication when a cookie is not present, and sh…

Watch on YouTube ↗ (saves to browser)

Chapters (19)

Introduction

1:00 Start of nmap

2:00 Taking a look at the web page, finding users on the site, and using FFUF to VH

4:25 Fingerprinting the websites, dev looks to be PHP and the main page appears to

7:55 Exploring the vue app in Firefox Dev Tools, discovering some routes in the web

11:50 An JWT error message is displayed when accessing some API Pages, removing the

13:10 Explaining why the web application skips authentication when a cookie is not p

15:40 Extracting all users from the page and then using curl to save the hashes to a

21:20 Logged in as Christopher.Jones, checking the Online Store Status link which is

23:45 Using FFUF to fuzz for all possible ports and using a bash trick to create a w

29:40 Discovering some API Documentation on a page on port 3002

31:10 The API all-leave page uses awk, and we can abuse this binary to perform a fil

33:40 Using hashcat to crack our JWT

35:30 Creating a python script to generate JWT's which allow us to exploit awk and e

42:00 Python script completed, leaking some files and discovering a unique file in a

48:00 Having trouble exporting the backup file, and modifying our script to write bi

54:00 Discovering bean's credentials in his xpad directory and logging in

56:20 Running a process list on the box shows inotify is watching an interesting fil

59:40 Looking for system() calls in the PHP app and discovering a sed command. We ca

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HackTheBox - Awkward

Chapters (19)

Playlist

Lesson complete!