HackTheBox Walkthrough - Tenten

HackerSploit · Intermediate ·🔐 Cybersecurity ·6y ago

Key Takeaways

The video demonstrates a walkthrough of the Tenten challenge on HackTheBox, showcasing cybersecurity techniques and tools for penetration testing and vulnerability exploitation.

Full Transcript

hey guys hackersploit here back again with another video and welcome back to the actor box walkthrough series in this video we'll be taking a look at 1010 which is a linux box and the reason i'm taking a look at it specifically is because it really looks like a very well balanced box um so it it has a balance between enumeration ctf like box and of course cve which again is something i know many of you guys stay away from but the reason i like linux boxes because because you mainly or primarily are not using metasploit as much and everything you know comes down to custom exploitation as you can see there's also quite a focus on that um that being said let's uh let's get started so i already have the nmap results here you know just to save time so nmap we'll just say nmap default.txt and you can take a look at my scan options right over here so i scanned all ports and you can see we have very interesting information so we have two ports or two services open we have we have ssh and the service version running is open ssh 7.2 p2 and it tells us running ubuntu right so we already have an idea of the operating system we're dealing with um we then have a web server running apache httpd 2.4.18 and that's running ubuntu and the http generator tells us we're running wordpress 4.7.3 which is quite outdated we then have the header which is telling us it's running apache 2.4.18 which is interesting that points towards the fact that we we might have some um directory listing and then the http title tells us we have the title of the website which is job portal and it tells us this is just another wordpress website and as for the operating system scan results it tells us uh you know we're dealing with something that has a kernel uh between 3.10 and 4.11 so we're probably dealing with ubuntu 18.04 and lower if we're running ubuntu which in this case i'm guessing we are um so that's my guess regarding the uh the version of ubuntu running now that we know we have a web server running let's check that out and we'll also run a quick search exploit on um on openssh so search search exploit um open ssh 7.2 and this is p2 um okay so we have a username enumeration and these are all python scripts so we'll take a look at this in a second or if we are running wordpress there should be a lot of good information disclosure so we can see it's just a simple wordpress site set up and it has one uh one post so let's take a look at this post it's just a simple hello world post and okay so we have a user we have a user we've already found our first bit of information so i'm just going to log that down um so a user is tacis and when you're whenever you're dealing with wordpress uh the user is very important because we can then potentially brute force into the admin uh into the admin panel and given that this box is a uh is ctf based uh that might be the case however there isn't any post here that we can then use so this has a random reply um which is set up by wordpress the interesting thing is it's telling us archives are from 2017 so if we just try and access the robots.txt page because that's yeah that's probably why it's giving a we were able to get the apache banner so directory listing may be enabled we can actually test that out right now so we say wordpress content um uploads and okay yeah so uh we currently don't have permission for this directory but this is a good sign because again even though we don't have permission getting the there is a form a bit of indexing regarding the indexes um so we'll probably have to take a look at that right now so um now that we have um now that we've actually gone through that uh let's run a quick wordpress scan on this uh because wordpress can will give us you know the important information we're looking for so wordpress scan um by the way with the new version of wordpress scan you actually need to specify or you need to provide an api and the api in question is the von db api if i just look for the option it should be here the api token so if you want vulnerability information regarding specific vulnerabilities and how to exploit them and you know their their disclosures that's what i meant um you need to get the your wordpress von db api token so this is just a database of wordpress vulnerabilities um you know from plugins and themes really really cool site so you can get a free api and it's excellent um i think gives you about 50 free um requests per day so wordpress can url and that is http 10 10 10 10 and enumerate we want to enumerate vulnerable plugins first right so we'll run that and let's just go back to this here so this is a simple site we have job listings let's see what that's about okay so it looks like we have a job listing for pen tester the salary is 1500 and no currency given that start date end date and the location we can also apply now so if we apply now we have a url with apply and we just get rid of that let's see what that display so that just takes us to our job application and when we add the option eight it looks like there are various job application pages so let's try if we have job application page one so that says hello world yeah so this is this is pretty cool we can actually access these uh job application pages so we go back to our page eight which is telling us that's pen tester let's see i think we can brute force this with let's see what other pages we get we pretty much i think we can access all of them let's try 10 but that's just called application uh yeah so let's try and brute force this with burp suite we can actually just replace we can use that as our as our variable to change if we go back and we take a look at the wordpress scan results we can see we have uh what one plug-in identified with a vulnerability and that is the job manager plugin that's ironic since the website is a job application site so that says the location is wordpress content plugins job manager and i think that's the plugin we're using right now so that allows you to specify uh your applications right job applications and the vulnerability type is a in of insecure direct object reference which i i think is a form of insecure access or authentication bypass where you can access i think we have already exploited it if i'm not wrong because i was able to go through all the applications so let's just take a look at the the information from the wordpress von db let's paste that in there and this is the website where you can get the the api um so it's insecure direct object um direct object reference so this is a auth bypass yes so and this falls under a2 under the oasp top tens which is broken authentication and session management and it's publicly published on 2015 and let's we have a link we can access so let's try and see this is the disclosure url and uh this looks like a poc of sorts um okay so the description it's possible to enumerate the cv file name so the cv file name uh if we scroll to the bottom it looks yeah we can upload a cv so we can this is regarding brute forcing the cv file name so um the cv file by performing a brute force attack to the wordpress upload directory structure uh okay so if that's the case then i think we we should uh perform a you know we should actually run a buster instance here going through all the directories if that's going to be important because that will pretty much do it for us but let's see we can actually read through this vulnerability so i use a share word list and i'll just use the buster and directory list 2.3 medium and hit start let that run so going back to the vulnerability the impact cvs contain sensitive data such as telephones home addresses etc so i'm guessing this vulnerability allows you to access these these cvs or those of these files submitted through those applications under the wordpress content uploads directory because that's that's what it's referring to so you upload a cv in this case it's a pdf file and then sql listed out all right so he's listing out his posts and um the file name here was vagamorecv.pdf and there we are so we can see it uploads it under the wordpress content uploads 2015 that's the year it submitted the month or 8 and wagmo cv pdf so we can actually get these files being uploaded from these particular forms now the file name is what we need to actually try and enumerate now so we've tried to access all of them and we perhaps we need to perform a brute force on this so he set his content to private and i think that's what's happening here so we can abuse the wordpress post representation okay so yeah this is what we need to do so we need to use burp suite so i'm just going to enable burp suite here and we take a look at the let me just cancel that rejects request we take a look at the directories here you can see that most of the most of the content is from 2017 so that gives us a good idea already as to where these files are being uploaded but but let's try and find the page or the application page where this is being up uploaded from um or what we can do is we can try and upload a file here so let's let's first of all run this in burp first because i actually want to see what there is responses are if there's any pages that you know we don't have access to so we'll open up burp suite and uh let's see what we can do here so that's this is the community edition many of you tell me to use that but in this case let me just use burp suite and because it's much simpler to explain what i'm doing all right you have the in the intercept set on yes we have the burp suite all right so i'm just going to reload that and let's go into burp suite let's just capture that request so this is our parameter here the value 10 so that is the application page so we will send this to the intruder for a brute force we'll go into the positions the position we have anything marked no so we want to change this value here we're going to add that and we'll use the sniper uh payloads payload set one yeah that's only one payload set the sim the payload type uh that's going to be a number yeah we have numbers uh the number range is sequential from let's see we have from 1 to 15 let's try that that's nice and then the step is one and um yeah that's fine we have payload encoding as well so we'll start the attack and let's see the the status codes the responses we get um so that's already attacking let me just pause the buster that's causing quite a ruckus here so there we are the requests are much faster now and we're all getting 200 responses which means they all exist um so let's take a look at the responses here because we are only getting you know these generic ones so job application one two so on and so forth so let's see the response here let's look for the title so the title is job application hello world uh it's job application sample page auto draft job portal job listing same thing register or hold on register application register oh yeah that's just the same pen tester so that's on uh number eight that's the one it took us to right so that's the pentester roll number 10 number 11 that's cube okay so that's cube we have cube on 11 12 13. oh hold on hold on on 13 we have a application page for hacker access granted okay so let's try that out so i'm just going to minimize this and we're going to proxy disable that and let's turn off burp and let's test that out so this is under 13 right so that's under 13 and the title is hacker access granted all right so anyway i think we can try and upload a file here let's just take a look at what so we get the responses in this case it's all getting 301s which mean those are set to private uh so it tells us we learned the private link but the url is not normalized as lowercase in any case this whole vulnerabilities are based on the fact that you can access the the cvs from the wordpress content directory under uploads but how do we do that we probably need to do that manually we know that it's under 2017 and under the year that you've uploaded your cv however however we can try and access and see whether any files have been uploaded from the year 2017 and so yeah it's telling us the most difficult thing of this structure is the file name only the file name can be brute forced okay all right so that's where we'll have an issue since we have that knowledge we can brute force well the file name was vagmo in this case there is no file but we can test this hypothesis out so there is a brute force script that allows us to enumerate the wordpress upload directory so that we can find that file so it looks like there is a file here so what i'll do is let me just try and download a simple you know like a test file um let's see can i look for let's just download a quick image so i'll say pepe let's just download an image of pepe the frog right uh yeah there we are let's just download this so this is nice and nice and big nice and big right so this is a jpeg file um so we'll save it on a document select the box and under 1010 and save that all right so that's a jpeg file and now we can try and upload it as our cv if it will allow that so let's see if we can actually upload any type of file so alexis i'll just type in my surname there and my email alexis at test.com i don't need to provide the rest of the information let's upload that file so pepe.jpg yes i've understood submit the application and it submits okay cool so that means that means now that if we go into http 10 10 10 10 and wordpress content that's important and we specify the year we have uploaded it so it's 2020 the month is june so that's zero six hit enter so it says that's not found oh yeah we need to specify uploads uploads yes i forgot about that so um [Music] uploads and that says you don't have permission but if we specify the file because the directory listing is disabled in uploads i i believe if we say pepe dot jpeg what was the name of the file we downloaded it's index.jpg sorry that's um that's the name so that is index.jpg that's not saved there [Music] let's take a look at this here so i don't know whether that file is loading let's just look for another image let's say um pepe dot or let's just look for pdf templates let's try pdf maybe that's why it's not working so i'll just download a sample pdf template here um and i really want to get this done quickly so this is a contract so use this template can i download this can i download this now this is taking us into pdf editor everything is done online now i can't even download them uh yeah can i download this this is a um this is a blank order download now wow man this is all right so i'll just download this pdf continue downloading all right to have the pdf file okay cool i have the pdf file so um i will just copy or just let me just change the file name so move um downloads we have the file name is blank order so i'll just call this cv.pdf right and um we'll go back here and um we'll try and upload it so we'll go back into the um this one right over here access granted so i uploaded it as pepe.jpg all right yeah so so that's probably why it wasn't loading that's what i was wondering man um so pepe.jpg oh my god i can't even spell pepe man that's um [Music] and there we are all right so we know that that's working now so we know through their buster that the directory we're getting the most is 2017 and in april but and we know the uh we know that the files are stored right over here so there's this brute force script right here that um we specify a website enter file name so the file name is probably what we need to get now but we can in this case it's telling us hacker access granted so we can try that as the file name and um it says for the for we have a range of years and for the uh for the month it's 1 to 13 so that's january to december the extensions are specified here as pdf okay so yeah we can probably take this script and then you know modify it a little bit to meet our parameters um so vim we'll just call it root.pi and this is i think python2 let me just check that yeah this is python 2. so we'll change the year first of all because the year range um so if we say let's just start let's just start off with 2017 and um we'll say yeah january to maybe let's change it to june because i just want to limit the parameters here for extension in we can add a few more extensions just in the event we have any other extension so we'll add jpeg i will add a jpg yeah we can add a jpg i believe so jpeg sorry jpg we can also add png but let's try this out first so url of instead of cv we can just say url of file found write that and say python um let's see how do we use this script so it's brute dot pi right and it says enter a vulnerable website let's take a look at the usage we have the usage here so it tells us specify the uh url and the wordpress installation directory and um okay so we just need to specify the url so 10 10 10 10 file name will just say hacker access granted that's the name of this application page however yeah this is the title anyway so let's just try that out let's see if that works in the meantime we can try it manually i don't want to brute force it myself so we'll just wordpress content uploads change this to 2017 that we know that that is the directory um and that is zero four and uh let's see if this has given us any results yet if we take a look at the write-up it gives him the directory of the cv which is in this case pdf and given this you can then use burp suite to retrieve all the uploaded you know cvs on the site which is in this case it's just in um this is more particular to to you know getting you know uh important information in our case we're really not trying to expose cvs but trying to find a file here so we know that what our test work let's see if this is responded with anything so in the meantime let's try it manually so we can say um hakka because that's the title name so hacker access granted okay access granted.pdf not found um let's try doc docx uh let's see png jpeg jpeg jpg and okay so we get an image so this is the access granted right so we get an image now uh this is still under that 2017 right did we get a result from here so it's still brute forcing i think so let's save this image and um we'll save it under hack the box and 1010 and save this so it's called hacker access granted.jpg we had the other pages let's see if there any other pages we can see the response so 14 15 is the same job application portal so that's i think that's the information we get but i don't know what we're supposed to do with this so i'll let that run on its own and let me just open up bash here so cd documents factor box and 1010 um cv.pdf that is the file we get access granted.jpg what file type is this um hacker sorry what am i doing so that's the file hacker access granted that is a gpg jpg file uh let's see if we as if this file has been if there's anything hidden so it's components let's see if we can if there's any steganography that's been done on the image documents hack the box denton back access granted let's just look at the properties here um so it doesn't give us anything important so let's try and use a stag height um state guide out we use stair guide so to embed to extract embedded data from stack.jpg use stay guide extract sfs and the image so let's try this take height extract um stack hide extract sf and hakka access granted.jpg enter a passphrase let's try no passphrase and we get some data that's been extracted all right cool so we get id rsa uh okay so that um first of all let's just see the contents of this because if we can use this to log in via ssh sorry cat id rsa um so this is our private key and this has been encrypted um okay so we we got the user we got a user called tacky so we there we now have a user we now have an ssh key which looks like a potential axis vector here but it's encrypted so um to decrypt this we can use um we can use john so we can say we are reversing ssh to john so we say ssh to john and then we specify the file which is id rsa so we hit enter and yes this gives us a hash and this is of type one this is a linux hash which means if we decrypt this we'll probably get a password that we can then use with ssh i i think um or with the wordpress admin um okay so this is uh or type 1 which means it's probably md5 so if we say john um word list and this is user share sorry that is word list equal user share word list word list and that is rock u dot txt and well we need to output the file right so let me just output the file so say bash um we'll say ssh ssh uh ssh to john um we say id rsa we're not in that directory so cd um documents actor box 1010 um so we say let's say ssh to john and we can output it i believe so id let's output it into just a file called password dot hash password dot hash there we are so we can now exit from this uh exit and now we can use this we say password dot hash so we can use run uh we can use john um so well user share word lists uh was that given this giving us an error regarding the is it word lists i believe is it word list or word list let's hit enter and yeah we get a password the password is called super password so um first things first let's see if we can log in so wordpress admin uh and then we try ssh but let's see so we have takis there we are takis and we can no sorry that is super password let's try and log in that's not working okay so let's try it via ssh so and now that we've got the password so we say ssh attack is at 10 10 10 10 [Applause] super password anything and that's telling us nothing so uh yeah we pro is my mistake we need to use ssh i uh id rsa uh tackies at 10 10 10 10 and uh oh yeah we need to do we need to change uh super password we need to change the file id i'm sorry the permission so ch chmod o 400 id rsa and on the previous one so um super super password and there we are so we now have access to takis and um let's see um so we currently i think we can access the um we probably need to perform some enumeration first of all so cat hc um issue we can see yeah so i was actually raised ubuntu 16.04 um excuse me 0.2 lts i would say you name r that's running 4.4 version 4.4 i'm not really sure we have exploits for that but uh you know we can perform privilege escalation uh we have the user flag so user.txt that's done we now need the root flag um let's try and perform some enumeration now so sudo let's see what we can execute here sudo l and we can run the following commands on 1010 [Music] we can run been [Music] [ __ ] all right so pardon my french there uh so let's try and run that let's see what we get so pseudo bin [ __ ] hit enter uh id still so yeah that didn't do anything uh can we use this to access um can we use this to access files within the root directory uh cd root sorry about that um so cd root sorry that that's a bit stupid um let's say cat root um root.txt yeah so yeah we we can immediately get rid but uh this allows us to perform system commands um uh this allows us to perform system commands or to run uh you know an administrative administrative uh what's it called uh commands uh or to perform commands with administrator privileges right so um that being said um now we need to perform some privilege escalation we can probably use the same command to do what we need to do so what i'm going to do now is we can probably to do this well we can just say we can just get a shell session i think we'll be able to get root but then i would like to also elevate the privileges so we can say sudo um so sudo pin this is the the binary by the way i want to access and see what the binary does and then we can say bin bash and we get root so that yeah that was fairly simple um um let's get bin for um yeah so yeah it essentially allows us to execute um you know root commands using this binary so yeah that that was fairly simple quite disappointing i think there is a way we can uh we can perform some privilege escalation so let's let's try and search for um we can use the linux exploit suggester let's try and do that ourselves right so linux exploit um suggest um we'll use version one i i really like version one it's been very effective for me um so we'll just get the raw content here or we actually have the command there forgot about that um can we get it directly through the internet um let's see if we have the ability sorry about that uh let's just paste that in there uh yeah so that's not working um if i go back here that's still running for some reason the script the python script um so i will just use a simple http server so bash with python so cd documents um hack the box and we say tintin and we can just get the script ourselves and i'll just move i'll just change the name so yeah it's already it's less dot sh i'll just change it to [Applause] enum.sh and we'll say python m simple http server sorry that is simple http server and uh we'll just leave it at port 80 right in it and um probably need to run this with uh you know privileges so there we are it's now um if i say so ifconfig let's look for my uh my ip address through my tunnel 0 interface which is 10 10 14 29 so http 10 10 14 29 enum.sh so let's use that right now um so we have ssh there so we go back into session two so we get http 10 10 10 i'm sorry 10 10 14 29 enum dot sh let's see whether that works there we are that works so again we say chmod uh we just remove uh less.sh that probably doesn't have anything so chmod plus x enum sh enum.sh let's see what we get all right cool so it looks like we have um a few options here so let's try and scroll to the top and let's see what we have here so looks like we have a few more some more specifically tuned towards what you would say is i don't know uh what would you call it uh ubuntu um so let's just take a look at the exploits here exploit db we have the first option which is uh if i can just take a look at it let me just scroll to the top here the first option that we have sorry about that is ebf verifier and uh that works on 16.04 17.04 uh that is highly probable they all are highly probable so let's start off with this one let's take a look at how this works here we can actually open up the exploit db here copy link address let's open that up by the way again close the pdf template page although that was useful so that's a c file uh no i want to actually check out the vulnerability before i start playing around with it so let's copy that url that looks like a disclosure url so copy link address and uh paste and go all right so one of the best and worst linux kernel vulnerabilities of all time vulnerability allows for arbitrary read write access to the next kind of bypassing sem esmep and the vulnerability is possible to bypass the bb uh bpf verifier verify dot c load bbf code and write uh read write primitive the root cause of the vulnerabilities in proper arithmetic so this looks like a kernel exploit so we can actually just test this out and let's see whether that works so i'll just get this or copy link address and probably have to get it on my local system here and we'll just say and so this is probably going to get the c file so dot c sorry about that um home that we are not found interesting let me just paste that and go let's see if we can get it so i'll just save it and uh move and we're going to get to the downloads folder and we're looking for four what is we're looking for four five zero one dot c documents at the box and we're in 1010 right so copy that there so vim let's see if we can if we have any instructions on how to compile this exploit um so cd documents sorry um hack the box and um tray 1010 say fim4501.c so this will work uh this is a kernel exploit so this will work on ubuntu 16.04 with the following kernels 4.4 yeah so this will work on our system and also on fedora uh okay so to exit to compile it gcc specify the file and output it right so we can do that so i think we'll compile it on the on the target box um so i'll just i'll just rename this to exploit.c exploit dot c and we can now retrieve that so we'll go back into the second one right over here and um let's see if we can just pull that so we're looking for exploit dot dot c and there we are we can say gcc exploit dot c output exploit right in the ch mod plus x exploit and let's see if we can get root now through privilege escalation and uh cash and there we are so we're able to get root and um cat root dot sorry that's cat root uh my home directory here cd uh there we are so cat well i'm actually this is this is not in the root directory uh well that's weird um in my working directory so cd root there we are and cat root dot txt and we get the root flag and we're able to successfully perform privilege escalation without the use of the [ __ ] binary as it's called now that's that's not my word that's the name of the binary that allows us to execute commands i've covered this with the sudo bypass vulnerability which was slightly different but essentially allowed you to do the same thing or allowed you know an unprivileged user to do the same thing to actually execute commands as the root user um so yeah that's it for this box um a pretty interesting box i cover a lot of important aspects of enumeration and i would say this is more um you know enum and you know custom exploitation because i really didn't get anything you know ctf-ish from this box even though most of the things had to do with your finding important things like users like takis and then uh you know decrypting the ssh password and then using it that way so yeah that was that was pretty simple uh let me know what you guys think in the comment section i would love to hear your you know your feedback and uh what you thought i should have done differently or if you guys have done the box um you know you can send me whatever you thought your means of going through it and yeah that's going to be for this video and i'll be seeing you in the next video

Original Description

In this video, I will be showing you how to pwn Tenten on HackTheBox. 📈 SUPPORT US: Patreon: https://www.patreon.com/hackersploit Merchandise: https://teespring.com/en-GB/stores/hackersploitofficial SOCIAL NETWORKS: Reddit: https://www.reddit.com/r/HackerSploit/ Twitter: https://twitter.com/HackerSploit Instagram: https://www.instagram.com/hackersploit/ LinkedIn: https://www.linkedin.com/company/18713892 WHERE YOU CAN FIND US ONLINE: Blog: https://hsploit.com/ HackerSploit - Open Source Cybersecurity Training: https://hackersploit.org/ HackerSploit Academy: https://www.hackersploit.academy HackerSploit Discord: https://discord.gg/j3dH7tK LISTEN TO THE CYBERTALK PODCAST: Spotify: https://open.spotify.com/show/6j0RhRiofxkt39AskIpwP7 We hope you enjoyed the video and found value in the content. We value your feedback. If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms. Thanks for watching! Благодарю за просмотр! Kiitos katsomisesta Danke fürs Zuschauen! 感谢您观看 Merci d'avoir regardé Obrigado por assistir دیکھنے کے لیے شکریہ देखने के लिए धन्यवाद Grazie per la visione Gracias por ver شكرا للمشاهدة #HTB
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from HackerSploit · HackerSploit · 0 of 60

← Previous Next →
1 How To Install Kali Linux 2.0 On Virtual Box
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
2 100 Subscriber Q&A! - How I Learned Ethical Hacking
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
3 BlackArch Linux Review - Better Than Kali Linux?
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
4 How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
5 Wireshark Tutorial for Beginners - Installation
Wireshark Tutorial for Beginners - Installation
HackerSploit
6 Wireshark Tutorial for Beginners - Overview of the environment
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
7 Wireshark Tutorial for Beginners - Capture options
Wireshark Tutorial for Beginners - Capture options
HackerSploit
8 Wireshark Tutorial for Beginners - Filters
Wireshark Tutorial for Beginners - Filters
HackerSploit
9 Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
10 Complete Ethical Hacking Course #2 - Installing Kali Linux
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
11 Parrot OS 3.5 Review | The Best Kali Linux Alternative
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
12 Nmap Tutorial For Beginners - 1 - What is Nmap?
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
13 Katoolin | How To Install Pentesting Tools On Any Linux Distro
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
14 Nmap Tutorial For Beginners - 2 - Advanced Scanning
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
15 Nmap Tutorial For Beginners - 3 - Aggressive Scanning
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
16 Zenmap Tutorial For Beginners
Zenmap Tutorial For Beginners
HackerSploit
17 How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
18 How To Setup Proxychains In Kali Linux - #2 - Change Your IP
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
19 How To Change Mac Address In Kali Linux | Macchanger
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
20 How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
21 Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
22 VPN And DNS For Beginners | Kali Linux
VPN And DNS For Beginners | Kali Linux
HackerSploit
23 Tails OS Installation And Review - Access The Deep Web/Dark Net
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
24 Steganography Tutorial - Hide Messages In Images
Steganography Tutorial - Hide Messages In Images
HackerSploit
25 The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
26 Best Linux Distributions For Penetration Testing
Best Linux Distributions For Penetration Testing
HackerSploit
27 Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
28 Gaining Access - Web Server Hacking - Metasploitable - #1
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
29 Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
30 How To Install Kali Linux On VMware  - Complete Guide 2018
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
31 Q&A #1 - Best Cyber-security Certifications?
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
32 Terminator - Kali Linux - Multiple Terminals
Terminator - Kali Linux - Multiple Terminals
HackerSploit
33 Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
34 Q&A #2 - Mr Robot?
Q&A #2 - Mr Robot?
HackerSploit
35 Metasploit Community Web GUI  - Installation And Overview
Metasploit Community Web GUI - Installation And Overview
HackerSploit
36 Linux Expl0rer - Forensics Toolbox - Installation & Configuration
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
37 QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
38 Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
39 Metasploit For Beginners - #2 - Understanding Metasploit Modules
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
40 Kali Linux Quick Tips - #1 - Adding a non-root user
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
41 Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
42 Spectre Meltdown Vulnerability  - How To Check Your System
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
43 Metasploit For Beginners - #4 - Basic Exploitation
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
44 ARP Spoofing With arpspoof - MITM
ARP Spoofing With arpspoof - MITM
HackerSploit
45 WordPress Vulnerability Scanning With WPScan
WordPress Vulnerability Scanning With WPScan
HackerSploit
46 Generating A PHP Backdoor with weevely
Generating A PHP Backdoor with weevely
HackerSploit
47 Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
48 How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
49 Stacer - System Optimizer And Monitoring Tool For Linux
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
50 Kali Linux 2018.1 - Kernel Updates & Patches
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
51 MITM With Ettercap - ARP Poisoning
MITM With Ettercap - ARP Poisoning
HackerSploit
52 Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
53 How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
54 Channel Updates - How To Post Questions & Video Suggestions
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
55 Web App Penetration Testing - #1 - Setting Up Burp Suite
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
56 Web App Penetration Testing - #2 - Spidering & DVWA
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
57 Cl0neMast3r - GitHub Repository Cloning Tool
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
58 Kali Linux On Windows 10 Official - WSL - Installation & Configuration
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
59 DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
60 Web App Penetration Testing - #3 - Brute Force With Burp Suite
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit

This video teaches viewers how to complete the Tenten challenge on HackTheBox, covering topics such as penetration testing, vulnerability exploitation, and cybersecurity techniques. The walkthrough provides a hands-on example of how to apply these concepts in a real-world scenario.

Key Takeaways
  1. Set up a testing environment on HackTheBox
  2. Identify potential vulnerabilities in the Tenten system
  3. Use pentesting tools to exploit vulnerabilities and gain access
  4. Conduct post-exploitation activities to gather sensitive information
💡 The key insight from this video is the importance of practice and hands-on experience in developing cybersecurity skills, particularly in penetration testing and vulnerability exploitation.

Related Reads

📰
Active Directory Enumeration & Password Spraying: A Hands-On Guide
Learn hands-on techniques for Active Directory enumeration and password spraying to enhance your internal penetration testing skills in Microsoft Windows environments
Medium · Cybersecurity
📰
The Quantum Internet Explained: How the Next Generation of Communication Could Be Unhackable
Learn how the quantum internet can revolutionize cybersecurity with unhackable communication, and why it matters for the future of data transfer
Medium · Cybersecurity
📰
One login for you and your AI agents. Zero long-lived keys.
Simplify cloud access for humans and AI agents with a tool that eliminates long-lived keys
Medium · Cybersecurity
📰
Zero Trust Starts Before Login: Lessons From Cloud Security
Learn how Zero Trust security starts before login and its importance in cloud security
Medium · DevOps
Up next
What is DevSecOps Explained with Examples
VLR Software Training
Watch →