HackTheBox - Luke

00:40 - Beginning of Recon
02:45 - Checking FTP to get a note
03:38 - Going to each of the three websites
04:30 - Running Gobuster on port 80/3000
06:30 - Taking notes of all the login pages (forgot Ajenti)
07:55 - found which has a password
10:15 - Discovering /login on port 3000 accepts username=&password=
11:25 - Successful login! JWT Token returned
14:00 - Using curl to add the JWT Token in the header to access other API endpoints
15:10 - Using BurpSuite to add headers
18:30 - Navigating the REST API to dump the usernames and passwords
20:30 - Attempting logins on other services
21:30 - Derry can log in to /management
22:50 - Ajenti Password! Let's try logging in
22:30 - Ajenti has a virtual terminal that is running as root!
26:20 - Extra Content - Getting a reverse shell
28:30 - Grabbing the JWT Secret, so we can forge our own tokens!
29:10 - Creating a Python script to generate JWT Tokens
30:20 - This token has no expiration