Newsletter 28/02/2023
This machine has a website built in Vue.js that exposes a login form which can be easily bypassed. Then we find an API endpoint that tests the connectivity of other websites, which can be exploited through Server-Side Request Forgery (SSRF) to reach internal API documentation. There we find some Node.js code to analyze in order to see how to bypass some checks, obtain all the users' information and crack a password hash. After that, we can log in, obtain a valid JWT and crack it to recover the signing secret. With the secret we can forge any JWT, which means we can inject any payload as token claims. Using this power, we can read arbitrary files from the server by exploiting awk and find plaintext credentials inside a compressed archive. Next, we can access the machine via SSH and find another website built with PHP with two vulnerabilities. There is also a cron task that takes information from a CSV file to send an email. The key here is to inject a malicious parameter into the CSV file so that the mail command executes a malicious script, which leads to privilege escalation.
Elliptic Curve Cryptography. Invalid Curve Attack
JavaScript. Prototype Pollution
C# .NET decompilation. JavaScript deobfuscation. AES cipher
Docker image inspection. Shared library analysis