HackTheBox - SecNotes

01:05 - Begin of recon 02:45 - Checking out the website 03:50 - Using wfuzz to enumerate usernames 05:45 - Logging in with an account we created 07:23 - Checking out Change Password and noticing it does this poorly 09:25 - Using the contact form, to see if tyler will follow links 14:14 - Changing Tyler's password by sending him to the ChangePassword Page 15:00 - Logged in and find SMB Share with credentials. 16:15 - Found a webshare but not sure the directory it executes from. Begin hunting for a different webserver. 17:48 - Port 8808 found via nmap'ing all ports. Creating a php script to gain code execution 19:15 - Downloading netcat for windows to use as a Reverse Shell 21:14 - Playing with Bash on Windows 22:35 - Finding the administrator password in ~/.bash_history -- Box done 23:45 - Alternate way to find the .bash_history file 25:36 - Unintended way to bypass the CSRF. SQL Injection + bad Static Code analysis In the Holiday video, I do a bit more that may be helpful with card type attacks :    • HackTheBox - Holiday