TRADING TheNotebook
by neosama - March 07, 2021 at 03:49 AM
#1
Sup guys, any nudge for TheNotebook? I think it is XSS?
#2
jwt - abuse the kid and point it to yourself after generating a key pair
#3
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

can you explain a little bit more?
#4
(March 07, 2021 at 05:59 AM)modamanitha Wrote:
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

can you explain a little bit more?

Google it and you will find enough description
#5
Any hint on getting root?

It has something to do with docker exec but not getting what
#6
(March 07, 2021 at 07:54 AM)dummytest Wrote: Any hint on getting root?

It has something to do with docker exec but not getting what
docker runc exploit 5736
#7
(March 07, 2021 at 07:24 AM)xander2000 Wrote:
(March 07, 2021 at 05:59 AM)modamanitha Wrote:
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

can you explain a little bit more?

Google it and you will find enough description

yeah but I can't edit rs256. it gives 500 error.
#8
i want a write up about this box please <3
#9
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

Should I use the jwt_tool??
#10
(March 07, 2021 at 11:40 AM)megthehacker Wrote:
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

Should I use the jwt_tool??

Yes. You should use the JWT tool. Create your own key, host it through the webserver, change KID to the path and encrypt your token with your private key...
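The `kid` trick described in this thread only works when the verifier dereferences a caller-supplied `kid` to find its verification key. As an added example (not from any poster or from the box itself), this is the key-selection step of a verifier that treats `kid` purely as an index into a pinned key set; the key id, key value and sample tokens are constructed, and signature verification with the returned key is left to the JWT library.

```python
import base64
import json

# Assumption: the service signs with a fixed key set pinned at deploy time.
# The key id and key value below are constructed placeholders.
PINNED_KEYS = {"notes-2021-03": "<pinned RSA public key, PEM>"}
ALLOWED_ALGS = {"RS256"}

def read_header(token):
    """Decode the (still unverified) JOSE header, or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWS")
    try:
        header = json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise ValueError("undecodable header") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    return header

def select_key(token):
    """Return the pinned key for a token. kid is only a dictionary lookup:
    it is never fetched, opened as a path, or otherwise dereferenced."""
    header = read_header(token)
    alg, kid = header.get("alg"), header.get("kid")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError("alg not allowed")
    for name in ("jku", "x5u", "jwk", "x5c"):  # other caller-supplied key sources
        if name in header:
            raise ValueError(name + " header not accepted")
    if not isinstance(kid, str) or kid not in PINNED_KEYS:
        raise ValueError("unknown kid")
    return PINNED_KEYS[kid]

def rejection_reason(token):
    """None if a pinned key was selected, else the reason for rejection."""
    try:
        select_key(token)
        return None
    except ValueError as exc:
        return str(exc)

def sample_token(header):
    """Constructed sample: real header, dummy payload and signature."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b"{}"), enc(b"sig")])

if __name__ == "__main__":
    for kid in ("notes-2021-03", "http://192.0.2.10/key.pem", "../../tmp/key.pem"):
        print(kid, "->", rejection_reason(sample_token({"alg": "RS256", "kid": kid})))
```

Logging every non-None `rejection_reason` gives a cheap detection signal: a `kid` that looks like a URL or file path on an auth cookie is not something a legitimate client produces.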
#11
(March 07, 2021 at 11:40 AM)megthehacker Wrote:
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

Should I use the jwt_tool??

Yes, you have to. I used jwt.io to decode the auth-token and to sign my own... then replace it with a cookie-manager and you're admin.
As admin you see 2 notes regarding PHP-Execution and Backup.
Now I'm figuring out how I can execute PHP then...
#12
(March 07, 2021 at 12:16 PM)thegrey1981 Wrote:
(March 07, 2021 at 11:40 AM)megthehacker Wrote:
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

Should I use the jwt_tool??

Yes. You should use the JWT tool. Create your own key, host it through the webserver, change KID to the path and encrypt your token with your private key...

Thank you

but I'm noob, so I should search and learn how to use jwt_tool

(March 07, 2021 at 12:42 PM)HDplus Wrote:
(March 07, 2021 at 11:40 AM)megthehacker Wrote:
(March 07, 2021 at 04:06 AM)southerndarkness Wrote: jwt - abuse the kid and point it to yourself after generating a key pair

Should I use the jwt_tool??

Yes, you have to. I used jwt.io to decode the auth-token and to sign my own... then replace it with a cookie-manager and you're admin.
As admin you see 2 notes regarding PHP-Execution and Backup.
Now I'm figuring out how I can execute PHP then...

thanks

I will search on Google for detailed usage and theory
