Hacking UpDown [HackTheBox Walkthrough]
In this video, I will be going through the box UpDown, by Hack The Box. This was a very fun but much more advanced box. It forced me to think about security measures in place a lot more, as well as revisit some much needed PHP knowledge that I have to work on. I've come to terms with the fact that PHP is simply still king as per https://w3techs.com/technologies/over..., so I need to constantly work harder on my knowledge of PHP. But I'm getting better!

This is one of the boxes recommended by TJnull's recommended list of machines to pwn in preparation for Pen-200 (2023), otherwise known as the OSCP (Offensive Security Certified Penetration Tester) examination.

You can find the list here: https://docs.google.com/spreadsheets/...
Link to HTB UpDown: https://app.hackthebox.com/machines/U...

There is an alternative method to gain initial foothold. This method is best explained by the one and only Ippsec @ HackTheBox - UpDown

I hope you enjoy! Any support helps. If you enjoyed this video, or got something useful from it, consider liking, commenting and subscribing! It is greatly appreciated.

If you too want to learn how to do offensive or defensive security, then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource to thoroughly learn the ins and outs of pentesting as well as blue teaming. You can join with this link: https://referral.hackthebox.com/mz2rqum

==================================================

00:00 Introduction
00:25 Thank you!
00:50 Setup and Initial Reconnaissance
03:37 SSH and HTTP Analysis
04:58 Deep Dive into HTTP Enumeration
07:33 Updating /etc/hosts
10:15 Subdomain & Directory Bruteforcing
16:36 Website Functionality
17:39 Using GitDumper for .git Directory
21:11 Adding subdomain to /etc/hosts
23:57 Adding required Header
26:18 Exploring .git Dump
28:43 Finding LFI
30:28 Brainstorming for files to upload
33:02 No ZIP? No Problem
36:00 LFI via PHP Archive Wrapper??
38:54 Testing our Hypothesis
42:48 Code Execution 'Hello World'
48:21 Hunting for phpinfo()
52:57 Bypassing Disabled Functions
55:32 Adding custom header to dfunc
59:22 Crafting a Reverse Shell
1:04:28 Initial Foothold
1:06:32 Upgrading Shell
1:07:51 Internal Enumeration
1:12:40 Privesc Vector Found?
1:14:34 Python2 Command Injection
1:16:07 Setuid
1:17:22 Stealing SSH Keys
1:19:48 SSH as Developer
1:21:42 Sudo -l
1:22:50 GTFOBins
1:24:07 Root.txt

Music: Godriguez - Make This Magic
Link: Make This Magic by Godriguez