Busqueda - Hackthebox (OSCP Prep) - TJ Nulls

Video Link: https://www.youtube.com/watch?v=OYGJVGWPOK0



Duration: 34:32


Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a Python module. By leveraging this vulnerability, we gain user-level access to the machine. To escalate privileges to root, we discover credentials within a Git config file, allowing us to log into a local Gitea service. Additionally, we uncover that a system checkup script can be executed with root privileges by a specific user. By utilizing this script, we enumerate Docker containers that reveal credentials for the administrator user's Gitea account. Further analysis of the system checkup script's source code in a Git repository reveals a means to exploit a relative path reference, granting us Remote Code Execution (RCE) with root privileges.

Skills Required
Web Enumeration
Linux Fundamentals
Python Basics

------------------

Skills Learned
Command Injection
Source-code Analysis
Docker Basics

------------------
Tools
- manual enumeration
- CVE
------------------
Certifications:
Practical Network Penetration Tester (PNPT): TCM Security - https://certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: https://tryhackme.com/p/NoxLumens
Hackthebox: https://app.hackthebox.com/profile/179139
Twitch: https://twitch.tv/noxlumens






