HackTheBox - Pollution

00:00 - Introduction
01:03 - Start of nmap
02:00 - Checking out the site, discovering an email (collect.htb) and setting up gobuster
06:00 - Discovering forum.collect.htb which is running MyBB, someone uploaded a Burp history file which contains API Information
09:30 - Manually examining the BurpSuite Backup File, and discovering it contains full HTTP Requests
12:12 - Sending a POST Request to /set/role/admin with the secret token
12:50 - The Admin Page has a separate registration forum, which sends an …

api backup burp burpsuite collect email file forum gobuster hackthebox history htb http http requests information introduction mybb nmap requests running start