filmov
tv
HackTheBox - Traverxec | Beginner Friendly | Road to OSCP #48
Показать описание
This is a Beginner friendly pentesting video where we will be gaining system access on HackTheBox - Traverxec machine. We will be exploiting the vulnerable nostromo service to get user shell. We will then obtain the ssh keys and exploit journalctl binary to get root.
00:00 Intro
00:15 Enumeration using AutoRecon
01:47 Analyzing and exploiting nostromo directory traversal RCE
06:00 Gaining shell as user www-data and manual enumeration
13:25 Obtaining hash and obtaining password using hashcat
16:47 Analyzing web application on port 80 and nostromo config files
20:03 Finding and enumerating public_www directory
21:29 Analyzing backup SSH file and obtaining david user SSH key pair
26:43 Analyzing and obtaining SSH private key password
30:06 SSH login as user david and manual enumeration
31:30 Analyzing server-stats and sudo journalctl command
32:35 Analyzing journalctl for privilege escalation
35:25 Obtaining root shell with journalctl and minimized terminal
37:16 Obtaining root shell with journalctl and limited stty rows
38:49 Journalctl less usage explanation
41:07 Box summary and analyzing less command
#hackthebox #traverxec
00:00 Intro
00:15 Enumeration using AutoRecon
01:47 Analyzing and exploiting nostromo directory traversal RCE
06:00 Gaining shell as user www-data and manual enumeration
13:25 Obtaining hash and obtaining password using hashcat
16:47 Analyzing web application on port 80 and nostromo config files
20:03 Finding and enumerating public_www directory
21:29 Analyzing backup SSH file and obtaining david user SSH key pair
26:43 Analyzing and obtaining SSH private key password
30:06 SSH login as user david and manual enumeration
31:30 Analyzing server-stats and sudo journalctl command
32:35 Analyzing journalctl for privilege escalation
35:25 Obtaining root shell with journalctl and minimized terminal
37:16 Obtaining root shell with journalctl and limited stty rows
38:49 Journalctl less usage explanation
41:07 Box summary and analyzing less command
#hackthebox #traverxec
Комментарии