00:00 - Introduction
00:54 - Start of nmap, going into why it needs sudo
04:15 - Checking Phusion Passenger version
06:15 - Downloading the source code from port 8000 (GitWeb)
07:50 - Using Brakeman to statically analyze the source code of the Rails app
09:15 - Checking the Rails release date to see that it is old
11:35 - Researching CVE-2020-8165 and checking if our application is vulnerable
15:30 - Performing the CVE-2020-8165 deserialization exploit
16:00 - Fixing my APT error "expired: signature could not be verified because public key is not available NO_PUBKEY"
18:15 - Installing Rails, then building our deserialization payload
27:50 - Reverse shell returned
31:00 - LinPEAS showed some password hashes; let's check those files to see if there were more passwords
33:15 - Cracking the passwords, then finding that sudo requires a 2FA code
35:45 - Finding .google_authenticator
42:00 - Installing oathtool
42:50 - Using oathtool to read the google_authenticator secret and generate a one-time password (OTP)
44:30 - Switching to TOTP mode, then lots of issues because of AM/PM confusion when specifying the time
51:51 - Changing the timezone of our box to Europe/London to get away from conversions
56:00 - Our date went up an entire day! Fixing the day, then getting a shell
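The TOTP steps above (reading .google_authenticator, generating a code, and the AM/PM and timezone trouble), as an added Python example that is not part of IppSec's video or the Jewel box. It reimplements RFC 6238 with only the standard library, so oathtool is not needed, and it takes the time as a Unix epoch, which has no timezone, so the AM/PM and Europe/London conversions disappear entirely. The secret file contents are constructed (the RFC 6238 test secret "12345678901234567890" in base32), not any real box's file, and the function names are my own.

```python
import base64
import calendar
import hashlib
import hmac
import struct
import time

# Constructed sample .google_authenticator file: line 1 is the base32 secret
# (here the RFC 6238 test secret, not a real box's), lines starting with '"'
# are libpam-google-authenticator options, the rest are scratch codes.
SAMPLE_GOOGLE_AUTHENTICATOR = """GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" WINDOW_SIZE 17
" DISALLOW_REUSE
" TOTP_AUTH
12345678
87654321
"""


def parse_google_authenticator(text):
    """Split a libpam-google-authenticator secret file into its parts.

    TOTP_AUTH in the options means time-based codes rather than
    counter-based HOTP; the scratch codes are single-use backups.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    secret = lines[0]
    options = [ln[1:].strip() for ln in lines[1:] if ln.startswith('"')]
    scratch = [ln for ln in lines[1:] if not ln.startswith('"')]
    return {
        "secret": secret,
        "options": options,
        "scratch_codes": scratch,
        "totp": any(opt.startswith("TOTP_AUTH") for opt in options),
    }


def epoch_utc(year, month, day, hour, minute, second):
    """Unix epoch for a UTC wall-clock time; hour is 0-23, so no AM/PM."""
    return calendar.timegm((year, month, day, hour, minute, second, 0, 0, 0))


def totp(secret_b32, unix_time=None, digits=6, period=30, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the counter floor(time / period)."""
    if unix_time is None:
        unix_time = time.time()
    secret_b32 = secret_b32.strip().upper()
    # Google Authenticator secrets are unpadded base32; restore the padding.
    key = base64.b32decode(secret_b32 + "=" * (-len(secret_b32) % 8))
    counter = int(unix_time) // period
    digest = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def steps_off(seconds_error, period=30):
    """How many time steps a clock error moves the counter (12 h = 1440)."""
    return seconds_error // period


if __name__ == "__main__":
    info = parse_google_authenticator(SAMPLE_GOOGLE_AUTHENTICATOR)
    print("secret:", info["secret"], "TOTP mode:", info["totp"])
    print("code now:", totp(info["secret"]))
    t = epoch_utc(2009, 2, 13, 23, 31, 30)          # RFC 6238 vector, 1234567890
    print("code at", t, ":", totp(info["secret"], t))            # 005924
    print("a 12 h AM/PM slip moves the counter by", steps_off(12 * 3600),
          "steps, giving", totp(info["secret"], t + 12 * 3600))
```

Because the counter is derived from the epoch, the only thing that has to be right is the target's clock relative to UTC; a 12 hour AM/PM mistake shifts the counter by 1440 steps and the code is simply wrong, which is what the WINDOW_SIZE option (a few steps of tolerance) cannot absorb. Compare with `oathtool --totp -b SECRET` when it is available.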
Video: HackTheBox - Jewel, walkthrough by IppSec, published 13 February 2021.