HackTheBox yPuffy Walkthrough - Penetration Testing
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people.
Support us on Patreon: http://bit.ly/38mnveC
Discussion: https://guidedhacking.com/threads/hackthebox-ypuffy-walkthrough.16158/
In this video we penetration test yPuffy on Hack The Box. The goal of this pentest is to achieve unrestricted root execution by finding and exploiting security vulnerabilities. We work from a Kali Linux machine and use several tools, such as PuTTY, Nmap, and Ncat, to find and use exploits. This video has 5 steps:
- Enumerate LDAP with Nmap
- Log into alice1978's Samba share and download her security key
- Turn the PuTTY key into a usable OpenSSH key
- Explore the system as alice1978 to find a privilege escalation path
- Exploit CVE-2018-14665 to escalate your shell to root
The first thing we do in this yPuffy tutorial is reconnaissance with Nmap, a free and open-source (FOSS) network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. It provides a number of features for probing computer networks, including host discovery and service and operating system detection. In this video we use Nmap to identify the devices connected to the network and determine which services are running, and netcat to read from and write to network connections.
We start by enumerating LDAP with Nmap's LDAP search script. Based on the output, we are able to log in as alice1978 and use her NT hash to log in with smbclient. We download the key from the Samba share and find that it is a PuTTY key. We use puttygen to turn it into an OpenSSH key, and with this we open an SSH session.
Once we have the SSH session open as alice, we determine the system version with uname. We find that this system version is vulnerable to the CVE-2018-14665 privilege escalation. We paste the xorg script into our SSH session to run the commands and finish this Hack The Box machine with root privileges.
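The LDAP step works because the directory returns a user's NT hash in the search output. As an added example (not from the video), this audit parses an LDIF export and flags entries where password-equivalent attributes are readable. It assumes the hash sits in Samba schema attributes such as `sambaNTPassword`; the sample LDIF, DNs and values are constructed.

```python
import base64

# Password-equivalent attributes (assumed set; extend for your schema).
SENSITIVE = {"sambantpassword", "sambalmpassword", "userpassword"}

# Constructed sample of LDIF returned to an unauthenticated search.
SAMPLE_LDIF = """\
dn: uid=user1,ou=people,dc=example,dc=test
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=user2,ou=people,dc=example,dc=test
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=user3,ou=people,dc=example,
 dc=test
uid: user3
"""

def unfold(text):
    """Join folded LDIF lines: a leading space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Yield (dn, [(attr, value), ...]) per entry, decoding base64 ('::') values."""
    dn, attrs = None, []
    for line in unfold(text) + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
        elif not line.startswith("#") and ":" in line:
            name, _, rest = line.partition(":")
            if rest.startswith(":"):
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.append((name, value))

def exposed_secrets(text):
    """Return sorted (dn, attribute) pairs where a sensitive attribute was readable."""
    return sorted((dn, name) for dn, attrs in parse_entries(text)
                  for name, _ in attrs if name.lower() in SENSITIVE)
```

Run `exposed_secrets` over an export taken with an anonymous bind against your own directory; any pair it returns points at an attribute whose access controls need tightening.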