Hack The Box Catch
00:00 Intro
01:00 Start of nmap, going over some standard cookies and knowing the web technology behind it
06:15 Checking what the main webpage is, discovering an APK file
07:00 Analysing the APK file with JADX-GUI
09:00 Searching for strings, finding some tokens
10:15 Looking at the Gitea API to discover how to use our token
14:15 Looking at the Let's Chat API to discover how to use our token and dumping a list of rooms
16:30 Using the Let's Chat API to dump messages from a room and discovering credentials
17:40 Logging into the Cachet webserver, finding the version and discovering known vulnerabilities
19:20 Using a CVE-2021-39174 POC to dump the Cachet configuration and get a password (SSTI)
23:50 Logging into the box as will
25:40 Discovering a script that has a command injection when verifying APK files
29:00 Using apktool to decompile the APK so we can change the name and repackage it
33:15 Having trouble repacking our APK file,