HackTheBox - Traceback Writeup

Описание: For those who are starting in the cyber security area, the Hack The Box is an online platform that allows you to test your penetration testing skills and you can exchange ideas in the hacking community with thousands of people in the security field.

The platform has a bunch of machines(active and retired) to hack, as also machines to test forensics skills, and when you feel real comfortable you can go for the challenges, pretty awesome.

In this twentieth episode, it will guide you step by step in order to hack the Traceback box. In this machine we take advantage of a backdoor left in the website, using a webshell, we made sure to upload a ssh public key so we could have access with a found user on the system. For the privilege escalation we exploited a vulnerability on the motd.d service, changing the ssh banner in order to drop in the root flag anytime a user logged in via ssh.
Globally this machine was so much fun and is very good to apply new techniques, mostly on privesc to get root. Watch and enjoy, and if you have any comments or suggestions, leave a comment down below.

Have fun...

DISCORD CHANNEL (under construction) -   / discord  

💸Donate💸
Like the channel? Please consider supporting me on Patreon:
  / defconnull  
https://paypal.com/[email protected]


HACK THE BOX - HACKING SERIES

#1 Hack the Invitation Code - https://www.youtube.com/watch?v=hnlJv...
#2 Hack The Box - Getting Started -    • #2  - Hack The Box - Getting Started  
#3 Hack The Box - Hacking Lame Box -    • HackTheBox - Lame Box Writeup  
#4 Hack The Box - Hacking Legacy Box -    • HackTheBox - Legacy Box Writeup  
#5 Hack The Box - Hacking Devel Box -    • HackTheBox - Devel Box Writeup  
#6 Hack The Box - Hacking Beep Box -    • HackTheBox  - Beep Writeup  
#7 Hack The Box - Hacking Optimum Box -    • HackTheBox - Optimum Writeup  
#8 Hack The Box - Hacking Artic Box -    • HackTheBox - Artic Box Writeup  
#9 Hack The Box - Hacking Grandpa Box -    • HackTheBox - Grandpa Box Writeup  
#10 Hack The Box - Hacking Granny Box -    • HackTheBox - Granny Box Writeup  
#11 Hack The Box - Hacking Blocky Box -    • HackTheBox - Blocky Box Writeup  
#12 Hack The Box - Hacking Mango Box -    • HackTheBox - Mango Box Write up  
#13 Hack The Box - Hacking Bank Box -    • HackTheBox - Bank Box Writeup  
#14 Hack The Box - Hacking Blue Box -    • Видео  
#15 Hack The Box - Hacking Monteverde Box -    • HackTheBox - Monteverde Box Writeup  
#16 Hack The Box - Hacking Nibbles Box -    • Видео  
#17 Hack The Box - Hacking Sauna Box -    • HackTheBox - Sauna Box Writeup  
#18 Hack The Box - Hacking Servmon Box -    • HackTheBox - Servmon Box Writeup  
#19 Hack The Box - Hacking Mirai Box -    • HackTheBox - Mirai  Writeup  


------------------------------------------------------------------------------------

HACK THE BOX - CHALLENGE SERIES

#1 Hack The Box - Reverse Engineering Snake Challenge -    • Hack The Box - Reverse Engineering Snake C...  

------------------------------------------------------------------------------------

MY HACK THE BOX HACK NOTES
https://github.com/smasher35/hacktheb...

-------------------------------------------------------------------------------------

USEFUL LINKS:

HACK THE BOX
https://www.hackthebox.eu

DECODERS:
https://cryptii.com
https://www.base64decode.org

EXPLOITS INFO:
https://www.exploit-db.com
https://opendata.rapid7.com/

------------------------------------------------------------------------------------

TOOLS AND EXPLOITS:

NMAP
https://nmap.org

ZENMAP
https://nmap.org/zenmap/


XH4H TWITTER PAGE
  / riftwhitehat  


GITHUB WEBSHELLS REPOSITORY
http://github.com/TheBinitGhimire/Web...

METASPLOIT
https://www.metasploit.com

SSH
https://www.ssh.com/ssh/


----------------------------------------------------------------------------------

HACKER BOOKS

Penetration Testing - A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3 - https://amzn.to/34XkIY2
Hacking: The Art of Exploitation - https://amzn.to/2VchDyL
The Web Application Hacker's Handbook - https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking - https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking - https://amzn.to/31HAmVx
Linux Basics for Hackers - https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition - https://amzn.to/30gINu0
Violent Python - https://amzn.to/2QoGoJn
Black Hat Python - https://amzn.to/2V9GpQk

ETHICAL HACKING COURSES
https://www.udemy.com/course/practica...
https://www.udemy.com/course/windows-...
https://www.udemy.com/course/linux-pr...

---------------------------------------------------------------

📱 FOLLOW ME: 📱

FACEBOOK:   / paulo.penich.  .
TWITTER: https://twitter.com/smasher39?lang=pt_pt
INSTAGRAM: https://www.instagram.com/smasher40/?...
500PX.com: https://500px.com/paulopenicheiro