Hacking Algernon [Proving-Grounds Walkthrough]
Вставка
- Опубліковано 27 вер 2024
- Short but fun. As long as we keep learning, no box is too easy. The quest continues.
I hope you enjoy!
This is another one of the Boxes recommended by TJnull, to pwn in preparation for Pen-200(2023) otherwise known as the OSCP examination.(Offensive Security Certified Penetration Tester)
You can find the document here:
docs.google.co...
link to Proving Grounds:
portal.offsec....
I hope you enjoy!
Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated
If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming.
==================================================
00:0 Introduction & Setup
01:32 Recon
04:59 Enuermation - FTP
06:23 Quickly Downloading FTP content
12:14 Enumeration - HTTP Port 80
14:17 Enumeration - HTTP Port 9998
15:52 Dirsearch
18:22 Fingerprinting SmarterMail
22:35 Enumerating Port 17001
24:17 Hail Mary ?
25:24 NOPE!
30:27 It's the little things in life...
33:14 Looking for an Exploit
36:26 Root.txt
37:51 What did we learn?
==================================================
Music:
# C Y G N - BODY N SOUL [Full LP]
# Vanilla - Summer
Link:
• C Y G N - BODY N SOUL ...
• Vanilla - Summer
Going in order of ports is a game changer! avoiding the OSCP rabbit holes at all costs 😵💫 nice one Jimmy
It has also helped me tremendously so far! Thank you!
Although this one was easy in terms of the path to root, i think it really highlights the importance of proper enumeration amd not going down rabbit holes until you've exhausted Enumeration. Great video like always 👊
Absolutely, this is why I enjoyed creating this video. Because you can see how close I got to missing things. Thank you for the support 🙏🏾
Great stuff - i like your methodology to document everything ....
Thank you very much. I'm glad you enjoyed it!
Hi, Can you please elaborate the vulnerability or situation you found @25.30 can you categorise this as a lable. THanks
I didn't find a vulnerability. I just found the build version of smartermail which then allowed me to find an exploit
DONT STOP DOING THIS BRO .... I LOVE IT AND I LEARNED A LOT THANK YOU SO MUCH
hahah no worries man, I'm not anywhere close to stopping!