HackTheBox - Pikatwoo

00:00 - Introduction
01:00 - Start of nmap
03:15 - Identifying all the technologies used in the box
10:45 - Looking at OpenStack Keystone Authentication and discovering CVE-2021-38155
12:15 - Pulling up API DOCS to see how to login to Keystone, then testing lockout
14:00 - Taking the Burpsuite Request, sending it to FFUF and using a trick to try each password multiple times
25:30 - Attempting to access Swift as a vendor to bypass auth, using GoBuster and discovering …

api authentication box burpsuite cve docs ffuf hackthebox introduction keystone lockout login nmap request start technologies testing