HackTheBox - Hacknet

Name: HackTheBox - Hacknet
Uploaded: 2026-01-17T15:15:23Z
Channel: IppSec
Description: 00:00 - Introduction 00:40 - Start of nmap 03:20 - Looking at Wappalyzer's technologies folder to see how it is detecting Django (csrfmiddlewaretoken) 0...

IppSec · Beginner ·🧠 Large Language Models ·2mo ago

00:00 - Introduction 00:40 - Start of nmap 03:20 - Looking at Wappalyzer's technologies folder to see how it is detecting Django (csrfmiddlewaretoken) 07:05 - Showing Nuclei doesn't crawl any pages when it tried to detect tech 09:00 - Signing up for the site, playing with SSRF 11:00 - SSTI found, but it is Django Template Engine, looking at PayloadAllTheThings for payloads 14:20 - Creating a python script that will let us fuzz for variables in the Django templates context to see what we can dump 24:10 - Finding there is a users variable, which does include their password 31:10 - Modifying our …

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

0:40 Start of nmap

3:20 Looking at Wappalyzer's technologies folder to see how it is detecting Django

7:05 Showing Nuclei doesn't crawl any pages when it tried to detect tech

9:00 Signing up for the site, playing with SSRF

11:00 SSTI found, but it is Django Template Engine, looking at PayloadAllTheThings f

14:20 Creating a python script that will let us fuzz for variables in the Django tem

24:10 Finding there is a users variable, which does include their password

31:10 Modifying our script to like every single comment and then dump users to try a

43:20 Creating a list of username:password and also emailUsername:password then runn

49:45 Looking at the Django Database, not finding anything too interesting

52:30 Looking at Djangos File Based Cache, identifying we can take over the cache fr

59:50 Cracking Sandy's GPG Key and then decrypting a backup to get the root password

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →