Learn the basics of Penetration Testing: Video walkthrough for the "Markup" machine from tier two of the @HackTheBox "Starting Point" track; "don't forget to contemplate". We'll be exploring the basics of enumeration, service discovery, Masscan/NMap, brute-forcing login credentials (ffuf), XXE, post-exploitation (uncovering plaintext credentials, winpeas), privilege escalation (permission issues) and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
Sign up for HackTheBox: hacktheboxltd.sjv.io/xk75Yk
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
RU-vid: / cryptocat23
Twitch: / cryptocat23
↢HackTheBox↣
affiliate.hackthebox.com/cryp...
/ hackthebox_eu
/ discord
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
Start: 0:00
Masscan/NMap: 0:24
Brute force login (ffuf): 4:31
Explore HTTP site: 8:48
Research XXE: 10:32
Test payloads: 14:32
Fuzz LFI wordlist (Burp Intruder): 15:55
Recover private SSH key: 20:00
Enumerate filesystem: 21:48
Run winPEAS.exe: 23:11
Investigate PrivEsc: 29:40
Overwrite scheduled BAT script: 31:45
Submit root flag: 36:00
End: 36:51
3 июл 2024