Скачать или смотреть UltraTech- TryHackMe CTF Walkthrough!

UltraTech- TryHackMe CTF Walkthrough!

Скачать UltraTech- TryHackMe CTF Walkthrough! бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно UltraTech- TryHackMe CTF Walkthrough! или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку UltraTech- TryHackMe CTF Walkthrough! бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео UltraTech- TryHackMe CTF Walkthrough!

UltraTech CTF Walkthrough with explanation for beginners!

This was an awesome room which demonstrated why proper enumeration is incredible important! An unfinished web page which hosted a REST API gave us command execution. From there, we were able to find hashes in a leaked database. After we get that initial foothold, we are able to break out of our docker container and obtain root!

THM Room - https://tryhackme.com/r/room/ultratech1

My Github (More walkthroughs!) - https://github.com/NTHSec/CTF-Writeups

--------------------------------------------------------------------------------------------------
Time Stamps:

0:00 - Intro
0:50 - Initial Nmap Scans
1:30 - Enumerating FTP
2:45 - Enumerating port 8081- http
3:15 - Gobuster scan of port 8081
3:40 - Exploring the directories of port 8081
5:10 - Full Nmap scan
6:30 - Exploring the website on port 31331
7:20 - Putting potential usernames into a users.txt file
8:15 - Using hydra to brute force the ftp service with users.txt
9:55 - Continued UltraTech website enumeration
10:30 - Running GoBuster on the UltraTech website
11:20 - Looking at the robots.txt file
12:15 - Exploring the new partners.html page
13:00 - Discovering how the API works
15:40 - Looking at the /ping API
17:30 - Trying to find command injection in the /ping API
19:15 - Discovering command execution, enumerating the www user
19:45 - Finding a database and credentials for user r00t and admin
21:30 - Cracking the r00t and admin hashes
27:15 - SSHing into the server as r00t
28:00 - Poking around the r00t's files
29:30 - Transferring and running linpeas Note: I didn't show it here, but you can't run sudo -l because r00t doesn't have any sudo privileges
32:00 - Researching Docker Priv Esc and breaking out of our container
33:55 - ROOT!
35:05 - Outro

--------------------------------------------------------------------------------------------------

Tools used in this video:

Kali Linux - https://www.kali.org

Nmap - https://nmap.org

Gobuster - https://github.com/OJ/gobuster

GTFOBins - https://gtfobins.github.io/

-------------------------------------------------------------------------------------

Any constructive criticism is always appreciated! Please let me know what you would like to see next or something I can improve in the comments!

I hope you learned something today, and happy hacking!

Комментарии

Информация по комментариям в разработке