DX2: Hell's Kitchen TryHackMe Walkthrough | Hard

Video description: DX2: Hell's Kitchen TryHackMe Walkthrough | Hard

In this video we take on TryHackMe's new CTF challenge, dx2hellskitchen, made by [ https://tryhackme.com/p/Aquinas ]. The box exposes a hotel booking website on port 80 and a NYComm login portal on port 4346. We'll exploit SQLi on one of the API endpoints and dump the database, where we find login credentials to use on port 4346. Then we'll make use of the web-socket, interacting with it from the browser's console in developer tools, and later find out that we can actually send Linux commands to the socket, which gets us our initial foothold on the box as user gilbert. From there we find user sandra's password in a file (basically a note she left) and escalate to sandra. After that we get jojo's password from a jpg file found in the Picture directory inside sandra's home directory. Further, we escalate our privileges to root by exploiting sudo permissions on the mount.nfs command, which lets us mount an NFS share on the box, copy bash over to the mounted share, make it SUID and get a root shell. Hope you'll learn something new. 🙏🚀❤️

Please leave a comment! Happy Weekend

[ tryhackme - https://tryhackme.com/r/room/dx2hells... ]

⭐️ Video Contents ⭐
⌨️ 0:00 ⏩ Intro
⌨️ 0:20 ⏩ Starting CTF (Initial Enumeration)
⌨️ 5:07 ⏩ Finding SQLi on endpoint - /api/booking-info?booking_key=
⌨️ 11:43 ⏩ Logging in to the NYComm login portal using creds we found in the database
⌨️ 32:20 ⏩ Getting the initial shell as gilbert
⌨️ 33:55 ⏩ Escalating to user sandra
⌨️ 35:35 ⏩ Escalating to user Jojo
⌨️ 40:27 ⏩ PrivEsc to root
⌨️ 50:09 ⏩ Final POVs

Blog:
● https://blog.h00dy.me

Github:
● https://github.com/hoodietramp

Mastodon:
● https://mastodon.social/@h00dy
● https://defcon.social/@h00dy
● https://infosec.exchange/@h00dy

Support This Tramp!
Donations are not required but are greatly appreciated!
💸BuyMeACoffee: https://buymeacoffee.com/h00dy

#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting
