HackTheBox – Planning Walkthrough | Grafana, Crontab, CVE-2024-9264

Описание: In this HackTheBox machine, we enumerate subdomains to discover a Grafana instance, exploit CVE-2024-9264 for remote code execution to gain initial access, use SSH port forwarding to access internal services, then escalate privileges by exploiting writable /opt directory to create a SUID bash binary for root access. If you're learning ethical hacking, OSCP, or just love seeing machines get popped... this one's for you.

📂 Scripts and Commands:
https://github.com/strikoder/CTFS/blo...

🏠 Room Link:
https://www.hackthebox.com/machines/p...

--------
⏱️ Timestamps:
00:00 - Intro & Target Overview
01:37 - Enumeration & Port Scanning
03:10 - Subdomain and DNS Fuzzing with ffuf
12:17 - CVE-2024-9264 Analysis
15:55 - Exploiting Grafana RCE
19:50 - Post-Exploitation Enumeration
--------

Follow me for more real-world hacking walkthroughs, live streams, and cert prep content 👇

💻 Labs
GitHub: https://github.com/strikoder

🎥 Streams & Short Content
Twitch:   / strikoder  
Instagram:   / strikoder  
TikTok:   / strikoder  

💬 Community & Discussions
Discord Server:   / discord  
X (Twitter): https://x.com/Strikoder

📨 Official Contact
LinkedIn:   / strikoder  
Email: [email protected]

More videos coming soon on PNPT, and OSCP prep.
Stay tuned, and thanks for the support!

#planning #oscp #pt1 #hackthebox #tryhackme #portswigger #portswiggeracademy #activedirectory #linux #windows
#ethicalhacking #cybersecurity #pentesting #ctf #infosec #enumeration #privilegeescalation #windowshacking #networksecurity #bugbounty #RedTeam #capturetheflag #hackingtools #cyberseclabs #hackermindset #Nmap #terminal #grafana #cve2024 #suidexploit #portforwarding #subdomainenum #crontab #strikoder