00:00 - Introduction
00:54 - Start of nmap, going into why it needs sudo
04:15 - Checking Phusion Passenger version
06:15 - Downloading the source code from port 8000 (GitWeb)
07:50 - Using Brakeman to analyze the source code of the Rails app
09:15 - Checking Rails release date to see it is old
11:35 - Researching CVE-2020-8165 and checking if our application is vulnerable
15:30 - Performing the CVE-2020-8165 serialization exploit
16:00 - Fixing my APT after an expired key: "signature could not be verified because public key is not available: NO_PUBKEY"
18:15 - Installing Rails, then building our deserialization
27:50 - Reverse shell returned
31:00 - LinPEAS showed some password hashes, let's check out those files to see if there were more passwords
33:15 - Cracking the passwords, then finding sudo requires a 2FA Password
35:45 - Finding .google_authenticator
42:00 - Installing oathtool
42:50 - Using oathtool to read out the google_auth file to generate the One Time Pad (OTP)
44