HACKTHEBOX

PLAYER – (HACK THE BOX)

https://github.com/mazen160/bfac

Things to note:

Secret key used to sign the JWT token → _S0_R@nd0m_P@ss_
The access code to get the new file location.
Masked endpoint → 7F2xxxxxxxxxxxxx/

If we decode the JWT token captured in the cookie while requesting /launcher/dee8dc8a47256c64630d803a4c40786e.php using jwt.io, we get

Copy the cookie and paste it at https://jwt.io/:

access=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcm9qZWN0IjoiUGxheUJ1ZmYiLCJhY2Nlc3NfY29kZSI6IkMwQjEzN0ZFMkQ3OTI0NTlGMjZGRjc2M0NDRTQ0NTc0QTVCNUFCMDMifQ

and we get […]

Pentesting * VULNHUB

K2 VM (VULNHUB)

VM LINK : https://download.vulnhub.com/devrandom/K2.ova

root@kali:~# netdiscover -i eth0
Currently scanning: 192.168.69.0/16 | Screen View: Unique Hosts
15 Captured ARP Req/Rep packets, from 5 hosts. Total size: 900
_____________________________________________________________________________
IP              At MAC Address      Count   Len   MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.23.2    00:50:56:f6:84:83   2       120   VMware, Inc.
192.168.23.1    00:50:56:c0:00:08   1       60    VMware, Inc.
192.168.23.140  00:0c:29:7e:f6:12   10      600   […]