HackTheBox - Curling
01:12 - Begin of Recon
01:55 - Running Cewl to generate a wordlist
02:50 - Finding in the HTML Source, which happens to be the password
03:28 - Runninh JoomScan so we have something running in the background
04:20 - Checking the manifest to get the Joomla Version
06:20 - Explaining what equals mean in base64
07:50 - Begin of hunting for Joomla Username
08:30 - BruteForcing Joomla Login with WFUZZ
10:35 - Troubleshooting by sending wfuzz through burp
12:25 - Turns out the CSRF Token is tied to cookie, adding that to the wfuzz command
17:10 - Success! Logged into Joomla
17:58 - Gaining code execution by modifying a template
20:20 - Getting a reverse shell
23:20 - Finding the file: password_backup which is encoded
23:55 - Extracting password_backup manually with xxd, zcat, bzcat, tar
25:43 - Extracting Password_Backup with CyberChef
27:35 - Logging in with Floris
28:17 - Looking at /home/floris/AdminArea
28:50 - Testing the input file by changi
3 years ago 01:04:55 16
3 years ago 00:54:29 18
3 years ago 01:02:44 34
4 years ago 01:07:18 73
3 years ago 00:39:35 18
3 years ago 01:19:05 20
2 years ago 00:45:01 19
3 years ago 00:53:01 12
4 years ago 00:53:27 19
3 years ago 00:40:01 31
4 years ago 01:11:52 31
3 years ago 02:19:39 34
5 years ago 00:41:52 21
2 years ago 00:54:33 12
3 years ago 01:10:51 100
3 years ago 00:45:08 12
3 years ago 00:28:56 15
2 years ago 01:05:56 14
4 years ago 01:04:28 23
3 years ago 00:54:34 24
3 years ago 01:32:05 16
4 years ago 00:42:55 31
3 years ago 00:26:05 24
2 years ago 01:15:44 13
