HackTheBox 'Under Construction': JWT, SQLi Bypass Exploit! #htb #ctf

Welcome to the HackTheBox 'Under Construction' challenge walkthrough! In this video, we'll dive deep into a medium-difficulty web challenge, uncovering a critical SQL injection vulnerability. Learn step-by-step how to exploit this flaw, bypass authentication, and ultimately retrieve the flag.

🔥 What you'll learn:
- Initial reconnaissance of a web application
- Identifying SQL injection points
- Crafting payloads for authentication bypass
- Leveraging `jsonwebtokens` (JWT) for session management
- Practical use of tools like Burp Suite and jwt tools

🕒 Timestamps:
00:00 Introduction & Initial Reconnaissance
01:47 Analyzing Authentication Logic
02:50 Discovering the Vulnerabilities
04:48 Planning the Exploitation
08:38 JWT Algorithm Confusion Attack
11:54 Exploiting the SQL Injection
15:52 Capturing the Flag & Conclusion
16:20 Outro

Don't forget to like, comment, and subscribe for more cybersecurity content and HackTheBox walkthroughs! Let me know in the comments if you found this helpful!

#HackTheBox #HTB #Cybersecurity #SQLi #WebExploitation #PwnFox #BurpSuite #CTF #Walkthrough #Hacking #Sqlinjection #Infosec