Hacking Servmon [HackTheBox Walkthrough] скачать в хорошем качестве

Hacking Servmon [HackTheBox Walkthrough]

Today we covered Servmon. One of the easiest boxes we've done yet. To gain initial foothold we exploited a directory traversal vulnerability in the NVMS-1000 service, dubbed CVE 2019-20085, which led to internal file disclosure. Once in, we enumerated an internal Program running as root that was accessible through local port forward. After finding a password to log into the admin panel we were able to run scripts as root, which we did through an exploit we found online..script kiddie style. This is another one of the Boxes recommended by TJnull, to pwn in preparation for Pen-200(2023) otherwise known as the OSCP examination.(Offensive Security Certified Penetration Tester) You can find the document here: https://docs.google.com/spreadsheets/... link to HTB Servmon: https://app.hackthebox.com/machines/S... I hope you enjoy! Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming. You can join with this link: https://referral.hackthebox.com/mz2rqum ================================================== 00:00 Welcome 00:42 Setup 01:19 Recon 07:14 Enumeration - FTP 11:16 Enumeration - SSH 12:09 Enumeration - HTTP 14:06 Enumeration - SMB 14:40 Enumeration - HTTPS 17:34 Looking for an exploit 20:56 Exploiting Directory Traversal 23:21 Remember Nadine's Message... 25:25 Checking for valid Credentials - SMB 26:59 Exploring our level of access 28:59 Password reuse? - SSH 29:49 Initial Foothold 30:27 Internal enumeration 31:55 Planning the next step 32:12 Automated Enumeration - WinPEAS 34:35 Manual Enumeration 35:47 NSClient++ 36:15 Looking for an Exploit 37:43 Finding NSClient++ Password 41:48 Local Port Forward 43:44 Browsing to NSClient++ on Localhost 44:48 I MUST CONFESS... 45:21 Setting the Stage for Exploit 47:43 Exploiting NSClient++ - Quick Method 48:58 Root.txt If you want to enjoy the music I use in the videos, go to my playlist "Cyber Beats" @    • CyberBeats  , here I will add all music I use, for you to enjoy! Music: Örsten - Fleur Blanche Link:    • Örsten - Fleur Blanche