HackTheBox - EarlyAccess

00:00 - Intro 01:05 - Start of nmap, adding earlyaccess.htb to the hostfile 05:20 - Registering an account to see what features are enabled to regular users 06:20 - Discovering bad characters of username are only checked upon registration, not changing it from the profile page 11:50 - Testing the Contact Forms for XSS by sending a message to ourself 12:10 - Using document.location javascript to steal cookies 17:05 - Taking the administrators cookie and discovering some new hosts/functionality/key validation script 20:07 - Going over the key validaiton script 23:55 - Breaking the first part of the Key which is a simple Bit Shift and XOR to get KEY01 30:05 - Breaking the second part of the key which calculating every permutation of when two strings equal eachother 34:20 - Showing the lazy way to do the second part, since we never actually need to know every combination 36:15 - Breaking the third part of the key, which has a rotating magic. Discovering the keyspace for magic is only 60 38:50 - Coding the third part to display valid keys for all 60 combinations 43:30 - Breaking G4, which is just a simple XOR 47:00 - Talking about how the CheckSum works and how it is similair to the Luhn Check 48:50 - Putting everything togather and building a key generator to give us 60 keys 58:50 - Allowing our script to attempt to register keys on our behalf 1:11:30 - Debugging issues in our script 1:18:40 - The issue of our script, we copied the checksum incorrectly 1:22:50 - Logging in to play the game and talking about forging scores 1:24:20 - Playing with Second Order SQL Injection with our username and scoreboard 1:26:08 - Extracting table information from information_schema with our union sql injection 1:31:50 - Extracting hashes from the database than cracking to get the administrators password 1:36:10 - Logging into developer admin panel 1:39:00 - Fuzzing file.php to discover hidden parameters to find filepath which can be used to extract source code via lfi and php filters 1