HackTheBox SolidState Walkthrough - Penetration Testing

Channel:
United States Guided Hacking
Subscribers:
178,000
Published on ● Video Link: https://www.youtube.com/watch?v=GtUdAX1d_L0


Duration: 16:30
4,117 views
62

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people.

In this Solidstate walkthrough we will be penetration testing SolidState on HackTheBox . The goal of this pentest is to achieve unrestricted root execution by finding and exploiting security vulnerabilities. We complete this video on a Kali linux machine and use several tools network and database tools to find exploits.

Support us on Patreon: http://bit.ly/38mnveC
Discussion: https://guidedhacking.com/threads/hackthebox-solidstate-walkthrough.16225/

We will do reconnaissance with Nmap, a free and open-source (FOSS) network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system, and in this video we will use Nmap to identify the devices connected to the network and determine the services running as well as netcat to read and write to network connections.

The primary exploit we find in this hackthebox solidstate is a vulnerable James mail client. Once run Nmap reconnaissance, we show how to search for exploits with searchsploit (a command-line search tool for Exploit-DB) and find exploits for the James mail client. In this video, we will be using a Remote Command Execution vulnerability (35513).

We will explore the vulnerability write a bash completion script by opening a reverse shell and then trigger that with a SSH login. We find mindy's credentials from the mail server and log into a restricted bash shell. We then force pseudo-terminal allocation to open up a bash session with no profile and escape the restricted shell. Once we escape the restricted shell, we use g0tmi1k to try to find a privilege escalation path. We eventually find a file "/opt/tmp.py" that is owned by root and editable by Mindy. Finally, we solve this Hack The Box by using Mindy's credentials to have this file execute our reverse shell with root permissions.

Donate on our Forum : http://bit.ly/2HkOco9
Support us on Patreon : http://bit.ly/38mnveC

Follow us on Facebook : http://bit.ly/2vvHfhk
Follow us on Twitter : http://bit.ly/3bC7J1i
Follow us on Twitch : http://bit.ly/39ywOZ2
Follow us on Reddit : http://bit.ly/3bvOB57
Follow us on GitHub : http://bit.ly/2HoNXIS
Follow us on Instagram : http://bit.ly/2SoDOlu
#HackTheBox #PenetrationTesting #EthicalHacking



Other Videos By Guided Hacking


2021-03-11Malware Analysis - Gootkit Decryption with Python
2021-02-23Learn How to Unpack ASPack Tutorial
2021-02-12TryHackMe Anonymous Walkthrough Tutorial
2021-02-04Learn How to Unpack PECompact Tutorial
2021-01-24TryHackMe RootMe Walkthrough Tutorial - Pentesting
2021-01-08How to Unpack VMProtect Tutorial - no virtualization
2020-12-29How to Unpack Ramnit Dropper - Malware Unpacking Tutorial 2
2020-12-22How to Unpack FlawedAmmyy - Malware Unpacking Tutorial
2020-12-15How to Use r2pipe with Python - Radare2 Tutorial
2020-11-30CS420 8 - How to Edit Assembly Tutorial
2020-09-28HackTheBox SolidState Walkthrough - Penetration Testing
2020-09-17HackTheBox yPuffy Walkthrough - Penetration Testing
2020-09-09Ziggy KeyGenMe #1 Tutorial with Python Script
2020-09-05HackTheBox Zipper Walkthrough - Penetration Testing
2020-08-22Practical Reverse Engineering RtlValidateUnicodeString Pg 35 Exercise 5
2020-08-15Ziggy's KeyGenMe #0 Reverse Engineering Tutorial
2020-08-12Kernel Driver Write Process Memory - MmCopyVirtualMemory Tutorial 2/2
2020-08-12How to Write Memory from Kernel - MmCopyVirtualMemory Tutorial 1/2
2020-08-08How to debug a Virtual Machine with WinDBG Tutorial - KeInitializeDpc
2020-08-05Practical Malware Analysis Ida Pro Tutorial Chapter 5 Lab 5
2020-07-29How to solve Pride #1 CrackMe Tutorial - Beginner Level


Tags:
guidedhacking
privilege escalation
htb solidstate
hackthebox solidstate
solidstate walkthrough
htb solidstate walkthrough
htb solidstate tutorial
hackthebox walkthrough
information security
offensive security
penetration testing
hack the box
hack the box walkthrough
hackthebox solid state
solid state htb
solid state walkthrough
hack the box tutorial for beginners
cyber security
hack the box academy
kali linux tutorial