HackTheBox Zipper Walkthrough - Penetration Testing

Video Link: https://www.youtube.com/watch?v=9ceP2o9nrIs



Category:
Walkthrough
Duration: 13:25


Hack The Box is an online platform for testing and advancing your skills in penetration testing and cyber security, and for exchanging ideas and methodologies with thousands of other people. It contains several challenges that are constantly updated. To start challenges on HTB, you will need to find an invite code by 'hacking' your way in.

In this video we will be penetration testing Hack The Box Zipper. The goal of this pentest is to achieve unrestricted root execution by finding and exploiting security vulnerabilities. We complete this video on a Kali Linux machine and use several tools, such as PuTTY, Nmap, and ncat, to find and use exploits. This video has 11 steps and is a slightly more advanced pentest tutorial than the previous Ypuffy or SolidState walkthroughs:

We start by scanning the ports with Nmap. When we do not find much, we run a brute-force scan against the Apache directories with dirsearch and a DirBuster word list. The dirsearch scan finds a Zabbix installation, which we use to find a user named zapper. We guess zapper's password, which is conveniently also his name, and log in with the Zabbix-CLI tools to explore the remote system as Super Admin. Once we are inside, we add the zapper user to the Zabbix administrators group and give it front-end access, which allows us entry into the Zabbix GUI. From the GUI, we create a reverse shell script with Perl, use that reverse shell to explore zapper's home directory for his RSA key, and copy that RSA key to open a new shell as user zapper. We then run ltrace on the zabbix service to find calls to systemctl and run a path interception attack by replacing the zapper service start routine with a root shell.

Support us on Patreon: http://bit.ly/38mnveC
Discussion : https://bit.ly/2F8iBrM
