HackTheBox - Format

For some reason, the last video got stuck encoding on YT's side and was 360p. Reuploaded and it worked the second time. 00:00 - Introduction 01:00 - Start of nmap 04:00 - Downloading source code from gitea 04:30 - Examining the website via browser to see what it does 07:30 - Making sense of how the sitebuilder works 14:20 - Examining the source code, discovering a file disclosure 24:00 - Creating a python script to automate the File Disclosure 48:00 - Script is done, downloading nginx configs. Then trying to find any directory we can write a PHP Script to 55:00 - Looking at how the site adds a pro license to users 58:50 - Explaining how we can do a protocol smuggling attack and access the REDIS socket to manipulate our user 1:05:19 - Showing that the plus is not being URL Decoded in the path of a URL but %20 is 1:08:48 - Uploading a PHP Script to get code execution 1:13:55 - Dumping the REDIS Database and getting cooper's password 1:17:10 - Looking at the License Python script cooper can execute with sudo and seeing a Python Format String vulnerability