Тёмный

THREE- Starting Point - Hack The Box // Walkthrough // Kali Linux 

GetCyber
Подписаться 21 тыс.
Просмотров 5 тыс.
50% 1
ВидеоПоделитьсяСкачатьДобавить в

Hey Purple Team, Dan here! Today we dive into the "Three" box, a part of the Hack The Box's Starting Point series using our Kali Linux. 🛡️ NMAP TUTORIAL 👉 • NMAP Basics Tutorial f...
We tackle the challenge of exploiting a server by uploading a PHP shell into Amazon Web Services (AWS) S3, leading to remote code execution (RCE) and ultimately, capturing the flag. This demonstration is not just about hacking into a system; it's about understanding the vulnerabilities that exist within cloud environments and how they can be mitigated.
We start by exploring the setup of "Three," a seemingly innocuous box that hides its vulnerabilities behind common web technologies. The goal here is to leverage a PHP shell upload vulnerability, a classic but potent attack vector, to gain unauthorized access to the server's inner workings.
The PHP Shell Upload:
The core of our attack involves uploading a malicious PHP script to the server's AWS S3 bucket. This script is not a simple file; it's a doorway through which we can execute commands on the server. We'll walk through how to craft this PHP shell, ensuring it's stealthy enough to bypass basic security measures.
Gaining Access:
With the shell uploaded, the next phase is triggering the script to execute. This step is where the magic happens - using the shell to execute arbitrary code on the server. We'll demonstrate how to interact with the shell, sending commands back and forth, and how to maintain a stable foothold within the server.
Remote Code Execution (RCE):
Remote Code Execution is the ability to run commands on a remote server. In the context of "Three," we exploit our uploaded PHP shell to run commands that explore the server's environment, search for vulnerabilities, and eventually find and display the coveted flag.
Capturing the Flag:
The climax of our journey is capturing the flag, a token hidden within the server that proves we've successfully exploited it using Kali Linux. We'll use our RCE capabilities to navigate the server's file system, locate the flag, and reveal it on screen.
🤓 Follow Me:
/ getcyber
/ danduran-ca
getcyber.me
#HackTheBox #CyberSecurity #kalilinux

Наука

Опубликовано:

 

2 фев 2024

Поделиться:

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист
Посмотреть позже
Комментарии : 18   
@Flowerofkindness
@Flowerofkindness 4 месяца назад
at this point i learn way more from the little stuff you add on to your vids like how to retrieve the seclists than the actual HTB exercise. I'm just gonna go through all your vids one by one. I made a new vm with kali instead of parrot due to some issues I was having and you've once again been instrumental. As always, THANK YOU!
@GetCyber
@GetCyber 4 месяца назад
Thanks for noticing. I will add more small steps. I think it's about learning all the quirks sometimes. Thanks!!
@makeitpro66
@makeitpro66 21 день назад
Awesome mate, thanks for sharing
@gavinstorrer1168
@gavinstorrer1168 4 месяца назад
You legit saved me with your video! Thank you
@GetCyber
@GetCyber 4 месяца назад
That's great! I'm happy to help!
@ruslanbedoev9264
@ruslanbedoev9264 3 месяца назад
All your vidoe are just amazing. Thank you so much for the priceless information.
@GetCyber
@GetCyber 3 месяца назад
Thanks again!!
@GetCyber
@GetCyber 4 месяца назад
🛡 NMAP TUTORIAL 👉 ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-W7076RPIgfQ.html
@ruslanbedoev9264
@ruslanbedoev9264 3 месяца назад
You are the best. thanks alot!😊😊
@collomash9063
@collomash9063 4 месяца назад
Hey... I love your tutorials because they are simplified and they help alot...would you mind doing tier 2 walkthroughs please 🙏
@GetCyber
@GetCyber 4 месяца назад
Sure thing! Thank you for watching!
@maxmetellus887
@maxmetellus887 4 месяца назад
Thank you, your video was very helpful
@GetCyber
@GetCyber 4 месяца назад
You're very welcome!
@kavishkagihan9495
@kavishkagihan9495 4 месяца назад
Hope you liked it!
@GetCyber
@GetCyber 4 месяца назад
Thank you so much for watching! I really appreciate your support and I'm glad you enjoyed the video.
@ssigitas69
@ssigitas69 4 месяца назад
I didn't understand nothing.....I finished just first step yet, Meow, but accidentlly found this video and decide to watch for fun, and ....
@GetCyber
@GetCyber 4 месяца назад
I understand. It's not easy but it get easier as you go. Meow is the easiest. You need to go through the Tier 0 and you will understand once you get to this one. You can do it! 💪💪💪
Далее
Hack The Box Starting Point - Archetype walk-through
18:24
Hack The Box Starting Point - Archetype walk-through
Просмотров 3,5 тыс.
Hacking Linux with These Simple Commands Pt:1
0:56
Hacking Linux with These Simple Commands Pt:1
Просмотров 414 тыс.
Gale Now VS Then Edit🥵 #brawlstars #shorts
00:15
Gale Now VS Then Edit🥵 #brawlstars #shorts
Просмотров 815 тыс.
НЕВИДИМАЯ СТЕНА ВСЁ ИСПОРТИЛА #ets2 #shorts #lissa
00:36
НЕВИДИМАЯ СТЕНА ВСЁ ИСПОРТИЛА #ets2 #shorts #lissa
Просмотров 273 тыс.
Recycled Car Tyres Get a Second Life! ♻️
00:58
Recycled Car Tyres Get a Second Life! ♻️
Просмотров 9 млн
小舞怎么变成这样了?#斗罗大陆 #唐舞桐与唐老六 #小舞 #唐舞桐 #唐三 #唐老六
00:11
小舞怎么变成这样了?#斗罗大陆 #唐舞桐与唐老六 #小舞 #唐舞桐 #唐三 #唐老六
Просмотров 2,3 млн
HackTheBox Walkthrough // Three
37:08
HackTheBox Walkthrough // Three
Просмотров 29 тыс.
WSJT-X Improved - an alternative client
15:00
WSJT-X Improved - an alternative client
Просмотров 3,9 тыс.
HackTheBox - Lame - Walkthrough
14:05
HackTheBox - Lame - Walkthrough
Просмотров 209 тыс.
Unicorn Scan. #kalilinux #kalilinuxtools #hackingforbeginners #ethicalhack #networksecurity
0:30
Unicorn Scan. #kalilinux #kalilinuxtools #hackingforbeginners #ethicalhack #networksecurity
Просмотров 4,2 тыс.
Hack The Box Starting Point - Bike walk-through
20:45
Hack The Box Starting Point - Bike walk-through
Просмотров 1,5 тыс.
Tier 2: Unified - HackTheBox Starting Point - Full Walkthrough
25:35
Tier 2: Unified - HackTheBox Starting Point - Full Walkthrough
Просмотров 25 тыс.
Best FREE Vulnerability Scanner: Nessus Vs OpenVAS (Greenbone)
19:47
Best FREE Vulnerability Scanner: Nessus Vs OpenVAS (Greenbone)
Просмотров 32 тыс.
I Played HackTheBox For 30 Days - Here's What I Learned
10:23
I Played HackTheBox For 30 Days - Here's What I Learned
Просмотров 338 тыс.
Чем ОТЛИЧАЕТСЯ Lixiang L6 от L7 и L9: Покажу наглядно!
0:44
Чем ОТЛИЧАЕТСЯ Lixiang L6 от L7 и L9: Покажу наглядно!
Просмотров 18 тыс.
🔥ОН ТЯНЕТ ВСЁ! Собрал ДЕШЕВЫЙ ИГРОВОЙ ПК ЗА 15К! Бюджетный комп для игр за 15.000 рублей 🎁
12:17
🔥ОН ТЯНЕТ ВСЁ! Собрал ДЕШЕВЫЙ ИГРОВОЙ ПК ЗА 15К! Бюджетный комп для игр за 15.000 рублей 🎁
Просмотров 14 тыс.
Решил СТРАДАТЬ с лучшим КАМЕРОФОНОМ? VIVO X100 ULTRA за 100K RUB
30:03
Решил СТРАДАТЬ с лучшим КАМЕРОФОНОМ? VIVO X100 ULTRA за 100K RUB
Просмотров 54 тыс.
Вот ЧТО НУЖНО ДЕЛАТЬ, если в ваш телефон ПОДГЛЯДЫВАЮТ‼️🔥
0:16
Вот ЧТО НУЖНО ДЕЛАТЬ, если в ваш телефон ПОДГЛЯДЫВАЮТ‼️🔥
Просмотров 11 млн
Магазин техники Apple - @x.gadgets.96 (ул. Радищева, 12)
0:31
Магазин техники Apple - @x.gadgets.96 (ул. Радищева, 12)
Просмотров 34 тыс.
Телефон в воде 🤯
0:28
Телефон в воде 🤯
Просмотров 1,2 млн
iPhone 16 - КРУТЕЙШИЕ ИННОВАЦИИ
4:50
iPhone 16 - КРУТЕЙШИЕ ИННОВАЦИИ
Просмотров 66 тыс.