![]() With that, I’ll locate a backup archive and get a password from a config file that allows for SSH access. In that documentation, I’ll spot an awk injection that leads to a file disclosure vulnerability. I’ll find another API where I can get it to do a SSRF, and read internal documentation about the API. I’ll start by bypassing the auth check, and using that to find an API where I can dump user hashes. (Intentionally not support rewrite here.) (Security suggestion: Don't use this feature unless you know what you are doing.Hackthebox ctf htb-awkward nmap webpack vuejs wfuzz auth-bypass jwt jwt-io burp burp-repeater hashcat ssrf express api express-api awk awk-injection file-read hashcat-jwt python-jwt youtube python-requests xpad pspy mail gtfobins pm2 command-injectionĪwkward involves abusing a NodeJS API over and over again.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |