Pandora - Hackthebox OSCP Prep TJ Nulls

Channel:
United States NoxLumens
Subscribers:
1,270
Published on ● Video Link: https://www.youtube.com/watch?v=OzXLcOzxn0g


Duration: 49:25
485 views
16

Pandora is an easy rated Linux machine. The port scan reveals a SSH, web-server and SNMP service running on the box. Initial foothold is obtained by enumerating the SNMP service, which reveals cleartext credentials for user daniel . Host enumeration reveals Pandora FMS running on an internal port, which can be accessed through port forwarding. Lateral movement to another user called matt is achieved by chaining SQL injection & RCE vulnerabilities in the PandoraFMS service. Privilege escalation to user root is performed by exploiting a SUID binary for PATH variable injection

Skills Required
Basic Linux Knowledge
Virtual Host Enumeration
------------------
Skills Learned
SNMP enumeration
Port forwarding
SQL injection
Lateral movement
Reversing
PATH variable injection
------------------
Tools
manual enumeration
snmpwalk
ltrace
CVE-2021-32099
ssh-keygen
------------------
My Certifications:
Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: https://tryhackme.com/p/NoxLumens
Hackthebox: https://app.hackthebox.com/profile/179139
Twitch: https://twitch.tv/noxlumens



Other Videos By NoxLumens


2024-06-08Exfiltrated - Proving Grounds Practice - TJ Nulls OSCP Prep
2024-06-04Blackgate Walkthrough - Proving Grounds Practice TJ Null OSCP Prep
2024-06-01Helpdesk Walkthrough - Proving Grounds Practice - TJ Nulls OSCP Prep
2024-05-31Authby - Offsec Proving Grounds Practice TJ Null OSCP Prep
2024-05-25Twiggy - Proving Grounds Play -- TJ Null's OSCP Prep
2024-05-24TryHackMe - CyberLens - Hack Smarter
2024-05-18Amaterasu - Proving Grounds Play -- TJ Null's OSCP Prep
2024-05-11Driftingblue6 - Proving Grounds Play -- TJ Null's OSCP Prep
2024-05-03Election - Proving Grounds Play - TJ Nulls OSCP Prep
2024-04-23Blogger - Proving Grounds Play (TJ Nulls OSCP Prep)
2024-04-04Pandora - Hackthebox OSCP Prep TJ Nulls
2024-03-28Broker - Hackthebox OSCP Prep TJ Nulls
2024-03-27Updown - Hackthebox - OSCP Prep TJ Nulls
2024-03-26Soccer - Hackthebox (OSCP Prep) TJ Nulls - Tiny File Manager CVE, Websocket SQLI, Sticky Bits SUID
2024-03-19Blackfield - Hackthebox (OSCP Prep) TJ Nullls
2024-03-16Busqueda - Hackthebox (OSCP Prep) - TJ Nulls
2024-03-15Intelligence - HacktheBox (OSCP Prep) - TJ Nulls
2024-03-14StreamIO - Hackthebox
2024-03-08How I impersonated A State Governor to Teach My Co-Workers A Lesson - How I Create Phishing Emails
2024-03-06Support - HacktheBox (OSCP Prep) - TJ NULLS
2024-03-05Servmon - Hackthebox (OSCP Prep)


Tags:
noxlumens
noxlumen
hacking
cyber security
oscp
oscp prep
kali linux
hacker
malware
active directory
pentesting
web app pentesting
network pentesting
cyber ctf
offsec
offsec oscp
offsec proving grounds
gobuster
enumeration
hackthebox
netexec
tjnulls
tj nulls oscp
ssh port forward
how to hack
how to be a hacker
hacking for beginners
hackthebox training
linux enumeration