00:00 - Introduction
00:55 - Start of nmap, playing with the webapp and discovering it is a Laravel PHP app
06:50 - Discovering /assets is a redirect to /assets/, indicator of the Nginx off by slash [MasterRecon]
11:50 - Using the Nginx off by slash to download .env and .git to get the source code to the app
14:00 - Start of code analysis
15:55 - Finding a Mass Assignment vulnerability in the update functionality
21:50 - Taking some time to explore if there are ways to find Mass Assignment without looking at the code or guessing
27:30 - Looking at the Webhooks-api-beta website, playing with the request and discovering we need to send it JSON
30:40 - Playing with the JWT, discovering it's RS256 encoded, doing an Algorithm Confusion attack to sign the token with the RSA Public Key
41:50 - Playing with the Webhook and discovering an SSRF, which also lets us do protocol smuggling since we can write to the HTTP Method
46:30 - Looking at the Redis Migrate functionality which confirms we can i