HackTheBox - Kryptos

00:45 - Begin of Recon 02:50 - Examining login request while GoBuster runs 05:35 - Noticing weird behavior by modifying db parameter in login request 07:30 - Finding what the Error numbers mean. (SQL Error Codes) 08:50 - Testing if we can trick the application into authentication against us 09:50 - Starting up metasploit to steal the login hash of a MYSQL Login 12:30 - Cracking the MySQL Hash with Hashcat 16:45 - Creating a databse locally for the application to authenticate to 23:00 - Examining what MySQL Does after authentication in Wireshark 24:30 - Creating the database structure so the application will authenticate against our database 27:00 - Begin of the File Encryptor PHP App 27:30 - Performing a Known Plaintext attack against the RC4 Encryption 28:50 - Explaining the Known Plaintext 37:00 - Creating a Python Script to perform a SSRF attack and decrypt content 54:25 - Script done, discovering a LFI Exploit in /dev/ 57:30 - Using PHP Filters to convert LFI to source code disclosure 59:50 - Extracting sqlite_test_page.php source code 01:01:00 - Manually analyzing the source code to discover a way to write files 01:03:00 - Checking PayloadAllTheThings to get a payload for dropping files 01:15:38 - Testing dropping a php script for code execution 01:18:00 - Using Chankro to bypass PHP Disabled functions 01:20:45 - Creating a PHP Script to download Chankro Script to avoid bad characters in the RCE 01:24:50 - Reverse shell returned, finding a VIMCrypted file in Rijndael Home 01:25:35 - Decrypting Creds.txt with a known plaintext attack in VimCrypt 02 (Blowfish) 01:28:20 - Downloading the files to our local box and explaining the attack 01:30:30 - Copying our Python Script from earlier and modify it to work with our VIM File 01:38:20 - Decrypted the creds and use them to SSH 01:39:10 - Analyzing the kryptos.py file 01:41:00 - Testing how random the random is 01:46:00 - Creating a python script to bruteforce the key as we know the randomness is broken 01:57:00 - Scr