HackTheBox - Luanne
00:00 - Introduction
01:00 - Starting nmap, using min-rate to speed up things and explaining why I don’t normally show this
03:20 - Doing basic recon on /, noticing authentication isn’t required everywhere find
07:05 - Taking a look at port 9001, searching for default credentials
13:10 - Once logged into Supervisord, we can examine processes see HTTP is using LUA
15:40 - Using FFUF to fuzz the /weather/ endpoint based upon the Supervisord and
18:15 - Using FFUF to fuzz the city parameter of /weather/forecast for special characters
22:00 - Confirmed injection, failing to get it to work
24:45 - Going back to FFUF to fuzz for another character after the single quote. We can now inject into the LUA
30:20 - Reverse shell returned, attempt to crack the hash on my VM and crash my VM... Reboot use John to crack it
38:00 - Using the webapi_user in order to access the webserver
42:40 - Looking into the arguments for HTTP Running on port 3001, since we can
3 months ago 00:10:23 1
6 months ago 00:00:00 1
8 months ago 00:04:06 1
8 months ago 00:32:44 18
8 months ago 00:34:38 2
8 months ago 01:27:34 5
8 months ago 00:37:18 6
8 months ago 00:41:25 5
8 months ago 01:46:13 2
8 months ago 01:12:42 4
8 months ago 00:26:29 1
8 months ago 02:06:46 2
8 months ago 00:54:43 11
8 months ago 02:05:30 1
9 months ago 00:33:44 1
9 months ago 00:27:16 1
9 months ago 00:30:39 1
10 months ago 11:21:04 1
11 months ago 05:30:24 3
12 months ago 01:02:06 16
12 months ago 00:16:21 18
12 months ago 02:09:39 15
12 months ago 00:29:19 2
1 year ago 00:39:17 7
