HackTheBox - Jewel

00:00 - Introduction
00:54 - Start of nmap, going into why it needs sudo
04:15 - Checking the Phusion Passenger version
06:15 - Downloading the source code from port 8000 (GitWeb)
07:50 - Using Brakeman to analyze the source code of the Rails app
09:15 - Checking the Rails release date to see that it is old
11:35 - Researching CVE-2020-8165 and checking whether our application is vulnerable
15:30 - Performing the CVE-2020-8165 deserialization exploit
16:00 - Fixing my APT error: "expired: signature could not be verified because public key is not available NO_PUBKEY"
18:15 - Installing Rails, then building our deserialization payload
27:50 - Reverse shell returned
31:00 - LinPEAS showed some password hashes; let's check out those files to see if there were more passwords
33:15 - Cracking the passwords, then finding that sudo requires a 2FA code
35:45 - Finding .google_authenticator
42:00 - Installing oathtool
42:50 - Using oathtool to read the google_authenticator file and generate the one-time password (OTP)
44