Learn the basics of Penetration Testing: Video walkthrough for the "Oopsie" machine from tier two of the @HackTheBox "Starting Point" track; "don't forget to contemplate". We'll be exploring the basics of enumeration, service discovery, login bypass/cookie manipulation, insecure file upload, PHP shell, filesystem enumeration, SUID binary exploitation, path vulnerabilities, privilege escalation and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
Sign up for HackTheBox: hacktheboxltd.sjv.io/xk75Yk
↢Social Media↣
Twitter: _CryptoCat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: www.linkedin.com/in/cryptocat
Reddit: www.reddit.com/user/_CryptoCat23
RU-vid: ru-vid.com
Twitch: www.twitch.tv/cryptocat23
↢HackTheBox↣
affiliate.hackthebox.com/cryptocat-htb
hackthebox_eu
discord.gg/hackthebox
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: github.com/Gallopsled/pwntools-tutorial
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentesting-methodology
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
Start: 0:00
NMap scan: 0:16
FoxyProxy/BurpSuite: 2:02
Locate login page: 3:16
Try basic login bypasses: 4:55
Guest login: 5:35
Cookie manipulation: 6:40
Upload PHP shell: 7:24
File/Directory fuzzing (gobuster): 9:00
Command execution (revshell): 12:02
Upgrade shell (fully interactive): 14:25
Enumerate filesystem: 15:35
Recover passwords: 16:45
Catch up on question backlog: 17:49
Find bugtracker group: 20:10
Exploit SUID binary: 21:12
Escalate privileges (path vuln): 22:25
Submit user/root flags: 25:14
End: 25:31
13 янв 2022