HackTheBox - Principal

Name: HackTheBox - Principal
Uploaded: 2026-03-14T01:25:10+00:00
Channel: IppSec
Description: 00:00 - Introduction 00:55 - Start of nmap 02:50 - Looking at the Javascript, which a lot of information about the webapp 03:10 - Looking at the pac4j j...

IppSec · Beginner ·🔐 Cybersecurity ·2w ago

00:00 - Introduction 00:55 - Start of nmap 02:50 - Looking at the Javascript, which a lot of information about the webapp 03:10 - Looking at the pac4j jwt vulnerability (CVE-2026-29000) 05:30 - Looking for the JKS (RSA Public Key), going into the javascript and seeing there is an /api/auth/jwks endpoint 06:50 - Start of creating our python to create a forged JWE Token 15:00 - Troubleshooting our token, it isn't valid yet 18:30 - Crafted a valid token, now it is saying we have an invalid role, looking at the javascript to get the correct information 20:30 - Logged into the application, discover…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

0:55 Start of nmap

2:50 Looking at the Javascript, which a lot of information about the webapp

3:10 Looking at the pac4j jwt vulnerability (CVE-2026-29000)

5:30 Looking for the JKS (RSA Public Key), going into the javascript and seeing the

6:50 Start of creating our python to create a forged JWE Token

15:00 Troubleshooting our token, it isn't valid yet

18:30 Crafted a valid token, now it is saying we have an invalid role, looking at th

20:30 Logged into the application, discovering a credential that lets us SSH into th

22:30 Poking at the source of the java app, finding more passwords but doesn't reall

24:20 Discovering a CA Private Key, with a note saying its valid for SSH, looking at

25:50 Generating a SSH Key, then signing it with the CA giving us the principal of "

28:30 Little bit of extra information about SSH Key Signing, the AuthorizedPrincipal

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →