Broker - Hackthebox OSCP Prep TJ Nulls

Channel:
United States NoxLumens
Subscribers:
1,270
Published on ● Video Link: https://www.youtube.com/watch?v=VHwZqwAEKkI


Duration: 30:30
1,055 views
25

Broker is an easy difficulty Linux machine hosting a version of Apache ActiveMQ . Enumerating the version of Apache ActiveMQ shows that it is vulnerable to Unauthenticated Remote Code Execution , which is leveraged to gain user access on the target. Post-exploitation enumeration reveals that the system has a sudo misconfiguration allowing the activemq user to execute sudo /usr/sbin/nginx , which is similar to the recent Zimbra disclosure and is leveraged to gain root access.

Skills Required
Basic reconnaissance skills
Linux Fundamentals
------------------
Skills Learned
Apache ActiveMQ exploitation
Nginx configuration exploitation
------------------
Tools
manual enumeration
obsidian
ActiveMQ
ActiveMQ CVE-2023-46604
------------------
My Certifications:
Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: https://tryhackme.com/p/NoxLumens
Hackthebox: https://app.hackthebox.com/profile/179139
Twitch: https://twitch.tv/noxlumens



Other Videos By NoxLumens


2024-06-04Blackgate Walkthrough - Proving Grounds Practice TJ Null OSCP Prep
2024-06-01Helpdesk Walkthrough - Proving Grounds Practice - TJ Nulls OSCP Prep
2024-05-31Authby - Offsec Proving Grounds Practice TJ Null OSCP Prep
2024-05-25Twiggy - Proving Grounds Play -- TJ Null's OSCP Prep
2024-05-24TryHackMe - CyberLens - Hack Smarter
2024-05-18Amaterasu - Proving Grounds Play -- TJ Null's OSCP Prep
2024-05-11Driftingblue6 - Proving Grounds Play -- TJ Null's OSCP Prep
2024-05-03Election - Proving Grounds Play - TJ Nulls OSCP Prep
2024-04-23Blogger - Proving Grounds Play (TJ Nulls OSCP Prep)
2024-04-04Pandora - Hackthebox OSCP Prep TJ Nulls
2024-03-28Broker - Hackthebox OSCP Prep TJ Nulls
2024-03-27Updown - Hackthebox - OSCP Prep TJ Nulls
2024-03-26Soccer - Hackthebox (OSCP Prep) TJ Nulls - Tiny File Manager CVE, Websocket SQLI, Sticky Bits SUID
2024-03-19Blackfield - Hackthebox (OSCP Prep) TJ Nullls
2024-03-16Busqueda - Hackthebox (OSCP Prep) - TJ Nulls
2024-03-15Intelligence - HacktheBox (OSCP Prep) - TJ Nulls
2024-03-14StreamIO - Hackthebox
2024-03-08How I impersonated A State Governor to Teach My Co-Workers A Lesson - How I Create Phishing Emails
2024-03-06Support - HacktheBox (OSCP Prep) - TJ NULLS
2024-03-05Servmon - Hackthebox (OSCP Prep)
2024-03-04Escape - Hackthebox (OSCP Prep)


Tags:
noxlumens
noxlumen
hacking
cyber security
oscp
oscp prep
kali linux
hacker
malware
active directory
pentesting
web app pentesting
network pentesting
cyber ctf
offsec
offsec oscp
offsec proving grounds
gobuster
enumeration
hackthebox
netexec
tjnulls
tj nulls oscp
ssh port forward
how to hack
how to be a hacker
hacking for beginners
hackthebox training
linux enumeration