TheNoteBook — HackTheBox Writeup

Source

Passwords, hashes and flags will be redacted to encourage you to solve those challenges on your own.

Synopsis

Skills Required

Skills Learned

Enumeration

[Screenshots, captions only: Nmap; homepage; register; welcome page; admin; burpsuite; decode]

Initial Access

[Screenshots, captions only: rsa keys; token; jwt; Modified JWT; http service; copy; New JWT; hit; admin panel; cookie editor; admin notes; note; upload webshell; view file; reverse shell]

Privilege Escalation — User

[Screenshots, captions only: linpeas; extract; ssh keys; user access; user flag]

Privilege Escalation — root

[Screenshots, captions only: sudo -l; docker version; searchsploit; modify main.go; build; docker; download & chmod; run binary; run docker; root shell; root flag]

Thank you for reading this blog. While attempting this challenge I learned so many things. This was a unique target with a unique vulnerability.

References

https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/
https://jwt.io/introduction
https://tools.ietf.org/html/rfc7515#section-4.1.4
https://sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/
https://www.cvedetails.com/cve/CVE-2019-5736/
https://tzusec.com/how-to-install-golang-in-kali-linux/
https://github.com/Frichetten/CVE-2019-5736-PoC
