Feb. 18, 2023, 3:09 p.m. | IppSec

IppSec www.youtube.com

00:00 - Introduction
01:00 - Start of nmap
04:40 - Identifying that this page is built with Flask based upon a 404 page
06:15 - Looking at /api/
07:15 - Showing a weird bug in Python where you cannot run int() on a string that is a float
08:00 - Showing the source code on why this bypassed the check
10:12 - End of edit, extracting all the users' passwords with curl
15:40 - Cracking the hashes and getting a password …

