Hacking Trick [HackTheBox Walkthrough]

Описание: Welcome back guys!
Second video of the week, this time we’re diving into a fun Linux box from HackTheBox called Trick.
The box wasn't particularly difficult but fun. Hopefully going forward, Ill start having to deal with Active Directory more. But it's nice to get back into the rythm of things.

Please Like & Subscribe if you enjoyed, and want to stick around for the coming videos.


==================================================

Link to Trick:
https://app.hackthebox.com/machines/477

I hope you enjoy!

Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated


If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming.

You can join with this link:
https://referral.hackthebox.com/mz2rqum
==================================================

00:00 Introduction & Setup
01:27 Running Autorecon Enumeration
02:24 Enumerating DNS
03:32 Using Zone Transfer to find a new Domain name
05:05 Enumerating the Domains in the Browser
06:29 Manual Recon
07:33 Enumerating HTTP
08:53 Bruteforcing directories using dirsearch
10:04 VHOST-Fuzzing using ffuf
17:15 Looking for CVE of the Webhost Software
20:24 Autorecon finally finished
23:09 Investigating Public POCs for Payroll Management System
25:20 Attempting RCE exploit - Fail!
27:10 Exploiting Sqli
33:31 Using SQLmap to further enumerate the DB
39:04 Investigating the 3rd Domain - Marketing
41:18 Attempting to exploit LFI
45:54 Using the LFI to discover internal user & extracting an SSH Key
49:30 Connecting via SSH
54:14 Looking for a privesc vector through Fail2Ban
58:12 Editing iptables-multiport.conf to set SETUID bit instead of banning a user and getting root
1:05:45 Getting root
1:08:20 Review


Music: KaizanBlu
Tracks used: “Cold Nights”, “Cote d’Azur”, “Constellation”, “Dusk”, “Dulcet”, “Embers”, “Edenic”, “Elements”, “Gemini”, “Lights”, “Flight Time”, “Hypha”, “Gleam”, “Halcyon”, “Losing You”, “Lilac”, “Equanimity”, “Gravity”, “Hvitserkur”, “Lowlights”, “Majestic”, “Motion”, “Midnight Drive”, “Obscure”, “Oxygen”, “Mizutori”, “Mystique”.