HackTheBox - Blunder

00:00 - Intro 01:03 - Start of NMAP 04:30 - Discovering , which says bludit is being installed. 06:30 - Looking for exploits searchsploit, everything requires Auth 07:35 - Attempting a login and noticing the CSRF Tokens 09:20 - Looking for exploits online that haven't made it to SearchSploit yet 12:00 - Placing the X-FORWARDED-FOR header to bypass brute force protection 15:40 - Creating a Python Brute Forcer 16:45 - Scripting: Grabbing the CSRF Value with python requests 18:20 - Scripting: Grabbing the PHP Session Cookie with python requests 18:20 - Scripting: Sending a login request with python requests 18:20 - Scripting: Telling request to not follow and detect a valid login 31:10 - Using Cewl to build a wordlist, then changing our python script to pull passwords from our wordlist 34:30 - Scripting: Setting a random IP in X-Forwarded-For header 37:50 - Scripting: Scripting fixing a bug then getting a password via brute force! 41:00 - Start of p