HackTheBox - Download

00:00 - Introduction
01:00 - Start of nmap
05:30 - Playing with the download file functionality, discovering the UUID is the file on disk and not a column in the database by prepending a slash
09:00 - Finding a File Disclosure vulnerability, extracting application source code, getting source code of the app
13:15 - Start of signing our own cookies, examining the sig cookie to discover it is 40 bytes which is likely SHA1
16:00 - Playing with CyberChef to discover how the cookie is signed
18:50 - Creating a Python application to create and sign cookies so we can become other users
24:30 - Becoming other users and looking at all uploaded files
32:50 - Explaining the ORM Injection, looking at Prisma Documentation to discover how we can perform boolean injection
37:00 - Showing the proof of concept payload, and then making the script loop to extract the entire password field
44:00 - POC Script done, but it is slow. Adding concurrency/threading with asyncio/await to our script to speed it u