HackTheBox - Format Nginx Misconfiguration && Python Format String Vuln

00:00-Intro
00:42-Nmap Scan to see the open Ports
02:30-Looking at the web server and adding domain names into /etc/hosts file
04:58-Trying to do default creds, SQL injection on the login page found
06:40-Registering on the site to see more functionality
07:49-Making a new blog and testing its functionality
09:07-Found XSS (Cross-Site Scripting)
12:00-Looking the requests in the Burpsuite
13:30-Trying to do simple command injection and blind command injection
16:10-Trying to do Local File Inclusion and found it successfully
18:00-looking at the nginx conf file to see for misconfigurations
19:00-Using CHATGPT to make nginx conf file more beautiful
21:00-trying to find Vulnerabilities in the nginx misconf we found
22:37-Doing dirsearch on both of the websites we found
24:44-Found the repo of the cooper user which contains the source code of the site, so we will analyze that source code
30:40-Finding how to exploit nginx misconfig by reading the blog post from Frans Rosen on detectify
33:40-Found the command on exploit notes to do the same thing
38:43-Successfully became a professional user now I have img functionality as well so we will test it and try to get a rev shell now
49:01-Successfully got a revshell, now starting privilege escalation by stabilizing the shell
49:30-Looking at sudo privileges, and suid binaries but did not find anything
51:30-Connecting to Redis Socket and getting the password of the cooper user and logging in as cooper using ssh
53:32-Found a License Binary which has Python Format string Vulnerability so exloiting that to get the root password and getting root.