Hack The Box Craft
01:20 Begin of recon
03:18 Checking out the HTTPS Certificate for potential hostnames
05:10 Looking at appears to be some type of Documentation for the REST API
06:40 Looking at no known exploits but there is some source code
09:20 Checking out the Git Issues, seeing Dinesh put a JWT Token in a comment. Checking the token out
11:25 Attempting to crack the JWT (fails)
13:30 Going back to the issues to see there is an eval() on user input
16:25 Installing Go and Pip3 on Kali so we can install GitLeaks and TruffleHog
18:57 Running GitLeaks and TruffleHog (find nothing) then manually analyzing the git commits
21:20 Discovering Dinesh's credentials in an old git commit
25:05 Logging into GOGS with Dinesh, then showing adding an SSH Key for potential port forwarding
28:28 Testing Code Execution from the previous git issue, use the script as a skeleton.
31:30 Getting a reverse shell with this exploit