HackTheBox Walkthrough - Popcorn

HackerSploit · Intermediate ·🔐 Cybersecurity ·6y ago

Key Takeaways

The video demonstrates a walkthrough of the HackTheBox challenge 'Popcorn', which involves exploiting vulnerabilities in a Linux box to gain root access. The challenge requires the use of various tools and techniques, including nmap, GoBuster, hash identification, and exploit suggestion.

Full Transcript

hey guys welcome back to the actor box walkthrough series in this video we're gonna be taking a look at popcorn so popcorn is a linux box and it's uh primarily directed towards a real life scenario and a cve based challenge um so without further ado let's get started so let's copy the ip there so i'm just the first thing i'm going to do is i'm just going to cut out the nmap results from my nmap scan and you can see again we're following the simple uh the simple procedures that i use or the options that i use so service enumeration and aggressive scan on all ports this is tcp based of course we so you can see that we have ssh server running here so open ssh 5.1 p1 um we also have a web server running apache httpd 2.2.12 that is ubuntu so that gives us an idea of the operating system we're dealing with uh to a certain extent um so the first thing we're going to do is uh we are going to try and search for an exploit for that particular version of openssh i know it's really not something that you typically find with openssh but again ssh and we say 5.1 we hit enter so we don't have any results for that particular version of openssh so the next thing is to open up a the web server here so you can see it tells us that uh it works this is the default web page uh for this server the web server software is running but no content has been added yet all right so if we open up robots.txt let's just see if we can enumerate anything so you can see the requested url was not found at the server so let's try and perform some directory brute forcing to see if we can uncover any hidden gems here so first thing i'll do is i'll use go buster many of you you have actually pointed out that i should use go bust instead of anything else so go busted directory brute forcing say url is the following and i'll paste that in word list is going to be under user share word lists and i'll say we'll use the dev buster word list say directory uh directory list 2.3 medium dot txt hit enter and let's that's going to start go bust and let's see if we can enumerate any hidden directories that we might have missed um so i'm going to let that run it's one of great advantages of using go buster is it's much more faster because it uses go of course and that means we can utilize things like threads um so we get the test we get a test directory that's interesting so let's try and open that up so we're going to say open up test here and we get the php version here which is weird it actually displays this to us um so that's of really no help um let's go back and let's see if we have any other directory so yeah nothing else so i'm just going to wait for this to complete in the meantime let's see if we can enumerate any more information if we we take a look at the page source we don't get anything secret here or anything hidden that is of any particular use and let's just check back and see if we have any results from the directory brute forcing so nothing yet so i'm just gonna let this run and uh we can actually we can actually let it run together we take a look at these services here yeah we don't have anything much uh regarding what we can target in terms of attack vectors um openssh let's try ssh um root act and let me just get rid of these the http protocol here hit enter yes and let's see if we can actually log in uh it doesn't allow us to do anything that's very weird um we go back and yes looks like we get another hidden directory so i'm just gonna let's terminate this ssh session here so just hit enter to a false password here um so we'll just terminate that and let's check it out so it's a torrent directory so let's open that up and i'll just say torrent and we hit enter and it takes us to what appears to be a torrent hoster web application which is very interesting so it looks like we can actually host our own torrents here which is uh pretty cool but anyway we can log in and we can also sign up which is very interesting uh let's try and brute force this particular directory because there might be stuff that we should be looking for so i'm just going to terminate that and what we'll do is we'll just say torrent here and i'll just hit enter and let's brute force all right so there we are so you can see we have quite uh a lot of stuff so we have an index so let's check out the index first um index uh that doesn't display anything which is weird uh we have a download let's check out download download yeah that doesn't give us anything useful here um yeah so nothing useful there um we have login which we have already we have admin let's check out admin uh we have browse and upload so let's try that out so we have uh admin and that takes us to login which is okay uh browse that allows us to browse torrents uh do we have any other we have torrents here so yeah there we that's browse and looks like we have one torrent this is a kali linux torrent here uh that's interesting so let's check out the other directory which was um sorry that was i think uploads uh was it uploads uh i think it was upload let's just try that out and uh okay that's interesting so we can see some images that looks like an image there and nos what is no screenshot all right so that means no screenshot all right that's interesting um let's just keep this directory in mind because we can actually i think we can actually try and upload a shell here but uh before we do that let's try and see whether we have any other directories here so we have upload edit database secure let's try those out as well uh database all right we have a database we have an sql database here so this is a phpmyadmin sql dump the database is torrent hoster so it's going to dump so it gives us information for the comments table [Music] the table structure so there's news so these all the sub categories um so it gives us all right there we are so insert info users values admin and it gives us the admin email so this looks like the password let's try and log in with that so let's try and log into admin actually uh so what is the ip it is 10.10.6 and this is current and let's try and log in actually with the admin credentials so i'll say admin let's try and log into the password log in here that did not work um i think because that's probably a hashed password let's see if we can identify what password this is so hash identifier uh let's try and use that based on that so i told us it looks like it's an md5 credential md5 there we are so we can try and crack that in the meantime let's see if we can actually create a user account so i'm going to sign up so let's go to uh let's try cyber chef let's try cyber chef here now we can try and crack we can actually try and analyze what we're dealing with because it could have a a salt is using a typical or a standard md5 so let's see md5 sorry md5 let's bring that up in here paste that in there it gives us the output uh which is interesting gives us another what appears to be an md5 hash here let's try and replace that there so it keeps on giving us md5 hashes um so what we'll try and do is let's try and create a new user so i'm just going to say test password you know password password and an emails and test test.com i've used that before 5d f i believe that's a zero or zero or an or an a not really sure let's try and register anyway uh all right so i think that the code was incorrect um password password uh 3d874 and let's hit register now hopefully that works all right so we can log in so test and password so here's by the way let's try and analyze what we were dealing with here uh because the md5 domain cache credentials so md4 pass and the md4 that's that's weird um so let's just go back here if i copy it here uh so you say md4 let's get rid of all that and say md4 here paste that in there so yeah it keeps on giving us uh new values all right that's weird um told us we cannot access admin hmm interesting uh but where we are supposed to log in here uh for some reason we can't log in i don't know where the login prompt went uh if i go back into torrent and we just try and access this um so yeah i'm logged in so if i take a look at my torrents here uh it looks like we can browse torrents we saw that we had the cali torrent here um and if we take a look at the we have the screenshot which looks like the this screenshot right over here i believe so um let's let's see if we can actually upload the torrent um the first thing i want to do is let's try and i believe i already have a reversal download it here you usually have that saved there we are so let me just extract that and the first thing i want to do is uh let's open this up with genie because that'll be much easier to edit so the first thing let me just get rid of all of these comments so so php reversal can be found on pentest monkey in case you are wondering uh to increase the font size here um so we're just going to get the ip here so i have config and we'll get the the tunnel zero interface ip which is the act the box network and uh uh we will uh we will try and log in there um so we'll just go into genie and we'll put in the ip so this is the local ip that it is going to be connecting back to and the port will set it to one two three four that's fine um so we can actually just save this and uh what we can do is by the way we can actually just save this on the desktop as a um we'll just call it a shell dot php sorry shell dot php and we'll hit save okay um by the way we might also want to change this into bash uh so let's just let's actually just save that and we'll change that into a bash so it gives us a bachelor instead of a born shell um so now that we have that there let's try and see if we can actually upload that file so if i say browse let's see if we actually have any restrictions regarding upload so shell.php hit open we'll just call it a shell uh category other it is uh other we'll just upload the torrent and it tells us this is not a valid torrent file all right that's uh that's interesting so if we get another torrent so let me just open up google.com uh let's see gully linux torrent let's get a torrent file and let's see if we can upload the torrent file so i'll get the latest torrent file here i'll save that and we'll upload and we'll just go into browse and we'll go to the downloads folder and uh there we are we'll open that up and uh we'll just try and upload that torrent and it looks like it's processing so that looks like it's working by the way i want to intercept these requests because i want to see if there is any sanitization regarding the types of files and file extensions that we can try and upload um so it looks like it only accepts torrent files i could be wrong but let's try and experiment and let's see what's going on exactly um by the way if we take a look at the results here it is it's still brute forcing so it got a validator torrents thumbnail readme let's check out the readme that could be interesting then say torrent and readme let's see if there's anything interesting here all right so we get a readme file that tells us this is torrent host 2.0 well there are there any vulnerabilities for this um let's see if there are any exploits so exploits let's see if there are any exploits or remount upload uh interesting but we're getting carried away but this gives you all the installation requirements uh the unit sql php uh gd2 if we take a look at the license that gives us the license information so it's gpl not really sure what version of gpl but you can see that this is a remote upload so remote upload exploit so we go to torrent host torrents.php mode upload uh that's interesting so use tamper data number two is you have this little payload here i believe that uh not really sure what it does here but uh it gives you the password very interesting so cross-site scripting and then you can use the once you have actually uploaded you can use the torrents to find the shell but hold on before we do that i was onto something here let's just close cyber chef up here so it looks like we're able to upload the latest version so it has all the information of the torrent the uploaded by category tracker size all that good stuff and then we have the screenshots which is what i was interested in because it looks like we can upload the the file here so um if we click on edit this torrent it takes us to this little page here and then we can edit the hash no the hashtag is the same that's that's dumb of me to say uh so we can update the screenshot so if we change let's see if we can upload the shell directly by the way so desktop shell.php hit open submit screenshot invalid file okay interesting so this and it has these some sanitization going on here or up there's some upload restrictions not really sanitization so let's go into zap here and i'll just open up zap and uh let's see what exactly we're dealing with here so for some reason zap is taking a really really long time to open um let's close up hash identifier and uh we'll go back here all right so uh no i do not want to persist the session so first of all let me just refresh this so that we have this loaded up within zap uh by the way i haven't actually set the certificate authority for that but i think that should be fine so we're going to set a break on all the requests so i'm going to say edit this torrent and it gives us the break here so we're just gonna forward it to the next step uh and we'll let that that should open up this page here there we are all right so i'm gonna say browse shell.php hit open and we now want to set a break so yeah we want to set the break now so let's let me just open that up and we say submit screenshot all right so we get the data here or the request rather so you can see this is the actual content here if we take a look at the the break here there we are so the file uh the application the content type is application xphp so that makes sense so you say if we say image uh png and we then hit uh you know break to the next and as it says upload complete all right so it's i'm not really sure let's break to the next point so it says upload uh completed so that that that was fairly simple able to bypass it directly just by changing the type um so if we take a look at the uploaded files here and we reload that uh sorry let me just remove that break that's really annoying um let me just reload this uh so yeah we can see we have the php file here which is the shell so we set up a um if we set up a listener with netcat we should be able to get a reverse shield let me just stop this brute force here um so i say netcat nvlp1234 and we're going to listen and if i click on the php file here we should get a reversal with bash there we are so we don't have job control we are currently using the we're currently logged in as uid with the www data system account so we can confirm that again so uh first thing what kernel are we running uh we're running 2.6.31 capped let's see issue ubuntu 9.10 so this should be vulnerable to quite a few things uh the first thing i want to do is i'm going to move into my opt directory i'm going to use the um we're going to be using the what's it called the linux exploit suggester suggester and that should be the first version on on github not version two um so we can just get the content with w get by the way do we have double get or uh yes we do so we say we get and uh oops sorry about that we know pt by the way uh paste that in there permission denied interesting um probably just get rid of that there uh we will so it's still resolving uh could that be an issue are we actually able to connect to the internet or we have to set up a server here that's interesting um so let's wait for that in the meantime we can actually get it on our system ourselves uh and we'll just hit enter yeah we're able to get it on our system so we'll just move we'll just call it uh we'll just s we'll just call it s u g dot sh and uh hit enter so is that has that actually resolved or will that fail i'm not really sure right so that failed so that means we need to get it from a device on the local network so that means from our system so we can use uh the simple http server python m simple http server that should be on port 8000 so this is going to be sug.sh that's interesting so you say don't forget http uh what's my local ip i can't believe i keep on forgetting this man this is weird uh so it's 10 10 14 38 yeah that's that's a bit difficult to understand or to remember now so it's 8 000 s u g dot sh we hit enter and we can't actually uh let's try tmp and i'll just try and use this this command right over here one more time uh we need permission to actually do anything here so yeah it looks like we're able to get it into the tmp folder so if we list the files here kch mode plus x um suv.sh hit enter say suv dot sh hit enter and let's see what exploits were able to enumerate here so we'll look at the one at the top because that seems to be the most likely so kernel version 2.6.31 it's a 32-bit architecture ubuntu ubuntu 19.10 uh additional checks so package listing from current os um so the kernels it has 73 kernel space exploits which is weird that's actually that's quite bad uh and 43 user space exploits full nelson is the first one here which again it tells us the exposure it's highly probable so we should actually try this right now let's try and open this link and let's see what we get so it gives us the entire file so if we use wget to get this let's see if we can actually compile it the compilation information are as follows we use gcc and we simply just compiling it without any other additional options here so what we can do is we can just say we'll just get the file as it is and uh yeah it looks like we're gonna have to save it on our device first so or in our machine first so uh we'll just say don't forget get that exploit and we get it right over here so nelson uh we and uh let's see that is actually the exploit uh yeah so you can read some let's read about what this exploit essentially does uh so it exploits this exploit leverages three vulnerabilities to get root all of which were discovered by nelson lh so cv 2010 to 4258 uh and then we have cve 2010 38 49 and uh a few others this is very interesting i'm very curious to see as to whether it is a let's let's see what information it can give us about uh so we have the download url that gives us that there uh i'll probably check that out on my own time because that's very interesting so uh yeah so now we can actually use the simple http server so [Applause] python m simple http server with full nelson dot c uh so we're gonna say we get http i keep on forgetting the ip but again um we can just put it in there anyway so um 8 000 and we are getting the full nelson dot c and we hit enter and we're able to get it there all right so that's excellent we list the files uh so gcc pcc um full nelson dot c and i'll put this into full nelson or whatever name you want and we're gonna hit enter and it looks like it did it so we can actually exploit to see it more plus x um so full nelson hit enter say full full nelson hit enter and i don't know have we got anything here if we type in ls uh and id yeah so it looks like we got root so that was fairly simple um so we can actually try and go into the home directory uh we have the user george uh so george and we can cut the user.txt uh flag here so we get the flag right over here and we then can go into root and we have the root.txt flag so cat root sorry my bad.txt and hit enter and we get the root flag and yeah so that was fairly simple can we get a phone shell no uh we pretty much to get a consistent shell would need to upload a reverse shell or a payload and we were able to execute it but i'll hopefully make videos covering more of post exploitation in the future um so that's going to be it for this video guys this was uh quite an interesting one because we're dealing with web application as the primary attack uh we're able to upload uh a php script through a up an upload bypass vulnerability in the upload um in the uploader here where we actually try and we upload it as a screenshot i thought you would actually do it through the torrent but that looked quite secured probably some validation there because it has to actually get or fetch the information uh like the actual the seeds and peers the tracked by uh and the tracker information um yeah so that's gonna be it for this video guys uh let me know what you guys think in the comment section and i'll be seeing you in the next video peace [Music] you

Original Description

In this video, I will be showing you how to pwn Popcorn HackTheBox. 📈 SUPPORT US: Patreon: https://www.patreon.com/hackersploit Merchandise: https://teespring.com/en-GB/stores/hackersploitofficial SOCIAL NETWORKS: Reddit: https://www.reddit.com/r/HackerSploit/ Twitter: https://twitter.com/HackerSploit Instagram: https://www.instagram.com/hackersploit/ LinkedIn: https://www.linkedin.com/company/18713892 WHERE YOU CAN FIND US ONLINE: Blog: https://hsploit.com/ HackerSploit Forum: https://hackersploit.org/ HackerSploit Cybersecurity Services: https://hackersploit.io HackerSploit Academy: https://www.hackersploit.academy HackerSploit Discord: https://discord.gg/j3dH7tK LISTEN TO THE CYBERTALK PODCAST: Spotify: https://open.spotify.com/show/6j0RhRiofxkt39AskIpwP7 We hope you enjoyed the video and found value in the content. We value your feedback. If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms. Thanks for watching! Благодарю за просмотр! Kiitos katsomisesta Danke fürs Zuschauen! 感谢您观看 Merci d'avoir regardé Obrigado por assistir دیکھنے کے لیے شکریہ देखने के लिए धन्यवाद Grazie per la visione Gracias por ver شكرا للمشاهدة #HackTheBox
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from HackerSploit · HackerSploit · 0 of 60

← Previous Next →
1 How To Install Kali Linux 2.0 On Virtual Box
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
2 100 Subscriber Q&A! - How I Learned Ethical Hacking
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
3 BlackArch Linux Review - Better Than Kali Linux?
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
4 How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
5 Wireshark Tutorial for Beginners - Installation
Wireshark Tutorial for Beginners - Installation
HackerSploit
6 Wireshark Tutorial for Beginners - Overview of the environment
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
7 Wireshark Tutorial for Beginners - Capture options
Wireshark Tutorial for Beginners - Capture options
HackerSploit
8 Wireshark Tutorial for Beginners - Filters
Wireshark Tutorial for Beginners - Filters
HackerSploit
9 Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
10 Complete Ethical Hacking Course #2 - Installing Kali Linux
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
11 Parrot OS 3.5 Review | The Best Kali Linux Alternative
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
12 Nmap Tutorial For Beginners - 1 - What is Nmap?
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
13 Katoolin | How To Install Pentesting Tools On Any Linux Distro
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
14 Nmap Tutorial For Beginners - 2 - Advanced Scanning
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
15 Nmap Tutorial For Beginners - 3 - Aggressive Scanning
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
16 Zenmap Tutorial For Beginners
Zenmap Tutorial For Beginners
HackerSploit
17 How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
18 How To Setup Proxychains In Kali Linux - #2 - Change Your IP
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
19 How To Change Mac Address In Kali Linux | Macchanger
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
20 How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
21 Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
22 VPN And DNS For Beginners | Kali Linux
VPN And DNS For Beginners | Kali Linux
HackerSploit
23 Tails OS Installation And Review - Access The Deep Web/Dark Net
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
24 Steganography Tutorial - Hide Messages In Images
Steganography Tutorial - Hide Messages In Images
HackerSploit
25 The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
26 Best Linux Distributions For Penetration Testing
Best Linux Distributions For Penetration Testing
HackerSploit
27 Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
28 Gaining Access - Web Server Hacking - Metasploitable - #1
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
29 Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
30 How To Install Kali Linux On VMware  - Complete Guide 2018
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
31 Q&A #1 - Best Cyber-security Certifications?
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
32 Terminator - Kali Linux - Multiple Terminals
Terminator - Kali Linux - Multiple Terminals
HackerSploit
33 Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
34 Q&A #2 - Mr Robot?
Q&A #2 - Mr Robot?
HackerSploit
35 Metasploit Community Web GUI  - Installation And Overview
Metasploit Community Web GUI - Installation And Overview
HackerSploit
36 Linux Expl0rer - Forensics Toolbox - Installation & Configuration
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
37 QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
38 Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
39 Metasploit For Beginners - #2 - Understanding Metasploit Modules
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
40 Kali Linux Quick Tips - #1 - Adding a non-root user
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
41 Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
42 Spectre Meltdown Vulnerability  - How To Check Your System
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
43 Metasploit For Beginners - #4 - Basic Exploitation
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
44 ARP Spoofing With arpspoof - MITM
ARP Spoofing With arpspoof - MITM
HackerSploit
45 WordPress Vulnerability Scanning With WPScan
WordPress Vulnerability Scanning With WPScan
HackerSploit
46 Generating A PHP Backdoor with weevely
Generating A PHP Backdoor with weevely
HackerSploit
47 Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
48 How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
49 Stacer - System Optimizer And Monitoring Tool For Linux
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
50 Kali Linux 2018.1 - Kernel Updates & Patches
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
51 MITM With Ettercap - ARP Poisoning
MITM With Ettercap - ARP Poisoning
HackerSploit
52 Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
53 How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
54 Channel Updates - How To Post Questions & Video Suggestions
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
55 Web App Penetration Testing - #1 - Setting Up Burp Suite
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
56 Web App Penetration Testing - #2 - Spidering & DVWA
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
57 Cl0neMast3r - GitHub Repository Cloning Tool
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
58 Kali Linux On Windows 10 Official - WSL - Installation & Configuration
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
59 DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
60 Web App Penetration Testing - #3 - Brute Force With Burp Suite
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit

This video teaches viewers how to exploit vulnerabilities in a Linux box to gain root access, using tools such as nmap, GoBuster, and Netcat. The challenge requires analysis of web application security, password cracking, and directory traversal. Viewers will learn how to use exploit suggestion tools and bypass upload restrictions to gain access to the system.

Key Takeaways
  1. Copy the IP address of the box
  2. Perform a service enumeration and aggressive scan on all ports using nmap
  3. Search for an exploit for the open SSH server version 5.1 p1
  4. Open the web server and access the default web page
  5. Check the robots.txt file and perform directory brute forcing using GoBuster
  6. Brute force the directory
  7. Check the index, download, login, admin, browse, and upload directories
  8. Find the database and analyze the SQL dump
  9. Create a new user account and log in
  10. Analyze the MD5 hash
💡 The video demonstrates the importance of analyzing web application security and exploiting vulnerabilities to gain access to a system. The use of tools such as nmap, GoBuster, and Netcat is crucial in identifying potential exploits and bypassing upload restrictions.

Related Reads

📰
IDOR simple way with no burpsuite banged P3
Learn a simple way to identify IDOR vulnerabilities without using Burpsuite, and understand the impact and reporting of such vulnerabilities
Medium · Cybersecurity
📰
OneLake Security Just Hit GA.
OneLake Security hits general availability, enhancing Microsoft's security capabilities
Medium · Data Science
📰
How Cyber Security Consultants in Perth Help Businesses Strengthen IT Protection
Learn how cyber security consultants in Perth can help businesses strengthen IT protection and prevent cyber threats
Medium · Cybersecurity
📰
How to PASS CISSP exam in one-go for REAL
Learn how to pass the CISSP exam in one attempt with tips from a personal experience, focusing on careful question reading and technique application.
Medium · Cybersecurity
Up next
Best VPN For China 2026 — Which One Actually Works?
Tutorial Stack
Watch →