Hack The Box Jewel
00:00 Introduction
00:54 Start of nmap, going into why it needs sudo
04:15 Checking the Phusion Passenger version
06:15 Downloading the source code from port 8000 (GitWeb)
07:50 Using Brakeman to analyze the source code of the Rails app
09:15 Checking the Rails release date to see that it is old
11:35 Researching CVE-2020-8165 and checking if our application is vulnerable
15:30 Performing the CVE-2020-8165 deserialization exploit
16:00 Fixing my APT "expired: signature could not be verified because public key is not available NO_PUBKEY" error
18:15 Installing Rails, then building our deserialization exploit
27:50 Reverse shell returned
31:00 LinPEAS showed some password hashes, let's check out those files to see if there were more passwords
33:15 Cracking the passwords, then finding that sudo requires a 2FA password
35:45 Finding .google_authenticator
42:00 Installing oathtool
42:50 Using oathtool to read the .google_authenticator file and generate the One Time Password (OTP)
44