Hack The Box Bolt

00:00 Intro 00:50 Start of nmap 01:50 Examining the SSL Certificate to find alternative names 02:30 Discovering PassBolt, but looks like we need an email to login to passbolt 04:10 Checking the and finding a link to download a custom docker image 06:30 Extracting the docker image and viewing the docker layers 08:00 Showing off Dive which is a tool to navigate docker images 08:50 Showing my initial process at analyzing this with a little bashfu 10:50 Creating a bash loop to print every file 11:50 Viewing and history files by decompressing the layers they are in 14:20 Viewing information in the SQL Lite Database and grabbing a password hash 17:00 Logging into the web app 21:00 Extracting all of the layers so we can view the source code 23:30 ashhistory is now empty, which shows there were multiple versions of this file 25:00 Viewing different versions of in the docker layers 27:30 Exrtacting