00:00 - Intro
00:18 - Start of nmap, scanning all ports with min-rate
02:35 - Browsing to the web page and taking a trip down memory lane with the HackTheBox v1 page
04:00 - Attempting to enumerate usernames
05:10 - Solving the HackTheBox Invite Code Challenge
05:50 - Sending the code to JS-Beautify
06:45 - Sending a curl request to /api/v1/invite/how/to/generate to see how to generate an invite code
10:40 - Creating an account and logging into the platform, then identifying what we can do
16:50 - Discovering that hitting /api/v1/ provides a list of API routes, going over them and identifying any dangerous ones
17:50 - Attempting a mass assignment vulnerability upon logging in, now that we know there is an is_admin flag
22:30 - Playing with the /api/v1/admin/settings/update route and discovering we can hit this as our user and change our role to admin
24:30 - Now that we are admin, playing with /api/v1/admin/vpn/generate and finding a command injection vulnerability
26:15 - Got a