Hack The Box Luanne

00:00 Introduction 01:00 Starting nmap, using minrate to speed up things and explaining why I don t normally show this 03:20 Doing basic recon on, , noticing authentication isn t required everywhere find 07:05 Taking a look at port 9001, searching for default credentials 13:10 Once logged into Supervisord, we can examine processes see HTTP is using LUA 15:40 Using FFUF to fuzz the, weather, endpoint based upon the Supervisord and 18:15 Using FFUF to fuzz the city parameter of, weather, forecast for special characters 22:00 Confirmed injection, failing to get it to work 24:45 Going back to FFUF to fuzz for another character after the single quote. We can now inject into the LUA 30:20 Reverse shell returned, attempt to crack the hash on my VM and crash my Reboot use John to crack it 38:00 Using the webapiuser in order to access the webserver 42:40 Looking into the arguments for HTTP Running on port 3001, since we can