Tier 2: Base - HackTheBox Starting Point - Full Walkthrough

Подписаться 35 тыс.

Просмотров 6 тыс.

50% 1

Learn the basics of Penetration Testing: Video walkthrough for the "Base" machine from tier two of the ‪@HackTheBox‬ "Starting Point" track; "don't forget to contemplate". We'll be exploring the basics of enumeration, service discovery, directory busting, swap files, PHP type juggling, insecure file upload, privilege escalation with GTFOBins (find) and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
Sign up for HackTheBox: hacktheboxltd.sjv.io/xk75Yk
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
RU-vid: / cryptocat23
Twitch: / cryptocat23
↢HackTheBox↣
affiliate.hackthebox.com/cryp...
/ hackthebox_eu
/ discord
↢Video-Specific Resources↣
/ php-type-juggling-vuln...
portswigger.net/web-security/...
gtfobins.github.io/gtfobins/find
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
Start: 0:00
Enumerate ports/services (NMap): 0:13
Add to hosts + export $box: 1:19
Explore website: 3:06
Login (ffuf? SQLMap?): 3:50
Swap file: 6:31
PHP Type Juggling: 8:55
Insecure File Upload: 11:23
Gobuster: 13:53
Reverse Shell (navi - crunch): 15:42
Post-enumeration: 17:30
Privilege Escalation - GTFOBins (find): 19:35
End: 21:41

Наука

Опубликовано:

3 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 31

@Vex7eX Год назад

Thank you so much. I spent a week studying the three tiers of Starting Point and whenever I encountered something I can’t solve, I watched your tutorial. Now, I can independently complete the final challenge and get the flag. Thanks again for your help!❤

@_CryptoCat Год назад

🙏🥰

@chronos3716 2 года назад

thank you lots! Waiting for the next CTFs!

@_CryptoCat 2 года назад

💜

@user-ef7lu1bl1n Год назад

This is my first completely independent box. I have learned a lot from you. Thank you very much. Ha ha ha, like learning to walk for the first time.😁

@_CryptoCat Год назад

Congrats mate and keep it up! It 's an incremental process, stick with it and you'll learn a bit more each day 🙂

@jaz11350 2 года назад

Lots a good info you put out much appreciated

@_CryptoCat 2 года назад

🙏🥰

@HopliteSecurity 2 года назад

Your accent is so captivating to listen too!

@_CryptoCat 2 года назад

aww thank you 💜

@manolete1516 Год назад

your videos are amazing, very easy... take your like master!

@_CryptoCat Год назад

thank you! 👊

@kylejf9059 Год назад

Thanks for this once again. I totally didn't know the array issue and was stuck. After there I made my own way through successfully without much trouble, our old friend linpeas proved itself nicely. Many thanks 👍🏻🙏🤝🏻 Edit: upgrading my terminal as you showed in a previous video was employed nicely here. 👍🏻

@_CryptoCat Год назад

Nice work! 🔥

@kylejf9059 Год назад

@@_CryptoCat thanks and I wouldn't have gotten this far without your videos. Really proved an excellent resource when I was totally lost at times, so can't thank you enough.

@_CryptoCat Год назад

@@kylejf9059 Thanks mate, appreciated! 🥰

@Aslamkaztro Год назад

❤❤❤❤

@_CryptoCat Год назад

💜

@johnnyg3606 2 года назад

Great video, thanks, appreciate the tips and tools. I like the navi-crunch - is that a tool/resource? Thanks

@_CryptoCat 2 года назад

Thanks! github.com/denisidoro/navi - is a cheatsheet manager so can be used for a lot of stuff, but there are some security-focused cheatsheets, e.g. github.com/esp0xdeadbeef/cheat.sheets or you can create your own. I haven't got round to converting my commands.txt into cheatsheet entries so I still do a lot of copying and pasting atm xD that crunch shell is really nice though, I'll probably set it up as a bash alias soon to speed things up even more 🙂

@omarmandri5031 2 года назад

Great walkthrough! I just want to know what is your setup, do you run parrot on a vmware or is it your daily driver? thanks

@_CryptoCat 2 года назад

thanks mate! Windows 10 for my host system then I use VMWare Workstation with some VM's.. Mostly Parrot and Commando these days 🙂

@lespetitjoueurs 7 месяцев назад

I have some problem with burp As soon as I activate it, the page no longer works and I have no traffic

@_CryptoCat 7 месяцев назад

One *really* common issue after setting up burp, is not realising that you have turn the "intercept" feature off to allow traffic to flow. Make sure it's turned off, or that you forward any requests that are waiting for your instruction 😉

@HackingInSeconds Год назад

I just wanted to ask at 15:43 how did you open something you called crunchy shell or (navi-crunch) is there a shortcut or command how did you open it?

@_CryptoCat Год назад

Hey, good question. github.com/denisidoro/navi - is a cheatsheet manager so can be used for a lot of stuff, but there are some security-focused cheatsheets, e.g. github.com/esp0xdeadbeef/cheat.sheets or you can create your own. I haven't got round to converting my commands.txt into cheatsheet entries so I still do a lot of copying and pasting atm xD that crunch shell is really nice though, I'll probably set it up as a bash alias soon to speed things up even more 🙂 For the crunchy shell specifically, I also added it to my ~/.bash_aliases file so I can call it anytime by typing "plzsh": github.com/Crypto-Cat/CTF/blob/main/my_bash_aliases.md

@mimosaevo Год назад

Thank you for your amazing content, it helps me a lot to understand things. Nevertheless, I'm currently stuck at one moment and unfortunately can't get further. When I click on "show response in browser", the browser says: If you are not redirected shortly, please click the button below. I am not redirected, not even by clicking on the button, the website loads and loads. I have downloaded and installed the Burpsuite certificate. My foxyproxy is active, I have entered my local ip address there. I would be very happy to receive an answer from you

@mimosaevo Год назад

Oh I have figured it out. Intercept was in status „on“ 🤭Anyway, thank you. I look forward enjoying new content from you 🤟

@_CryptoCat Год назад

Hey! Thanks for the lovely feedback 🥰 Happy to hear you got your issue resolved 🙂

@Vex7eX Год назад

@_CryptoCat Год назад

The best feedback! Thanks mate 💜