Today, we're tackling the Hack The Box "Editorial" machine, an easy Linux box with some intriguing twists and turns. We’ll be diving into a publishing platform that’s hiding a few secrets, and using some crafty enumeration tactics to unlock deeper access. From poking around hidden APIs to uncovering some unexpected credentials, this machine has plenty to keep us on our toes.
🔍 Here's what we'll explore together:
Clever Enumeration - Discovering ways to bypass some restrictions and gain additional insights.
Credential Gathering - Piecing together clues to find the right keys to progress.
Advanced Privilege Moves - Using a few well-known tools and vulnerabilities to make our way to root.
If you're here to sharpen your skills or just love a good challenge, this one's packed with techniques you won’t want to miss. Be sure to hit like, subscribe, and turn on notifications so you’re ready for the next hacking adventure!
💼 Pros in the industry: @7SeasSecurity @Tib3rius @TylerRamsbey
TIMESTAMPS:
00:00 Intro
01:11 Nmap port scan
03:05 Ffuf subdomain enumeration scan
04:30 Editorial website scanning
06:30 Discovering & testing potential attack vectors
17:54 Crafting curl command to test with netcat
19:30 Attack vector crafting through curl
21:40 Bash script enumeration
26:56 Uncovering new information from bash script
28:55 Viewing new information with JQ
31:28 Testing new api endpoints
35:50 Uncovering important information disclosure
37:21 Foothold gained through SSH
38:30 Exploring lateral movement
45:10 Discovering privilege escalation methods into root
52:10 Proof of concept method by Synk
55:35 Reverse shell crafting with PoC method
58:30 Root privilege escalation successful
59:00 Outro
Think you're ready for a bigger challenge?
🔥Hack The Box Pro Labs offer advanced, real-world network simulations like Dante, Offshore, and Cybernetics. Dive deep into hands-on environments built to level up your skills in hacking, Active Directory, and red teaming.
Perfect for sharpening your expertise and exploring real corporate network setups. Get started today!
#ethicalhacking #htb #hackthebox #cybersecurity #cybersecuritytutorial #cybersecurityforbeginners #ethicalhacking #ethicalhackingtutorial #infosec
Affiliate Disclaimer:
This video includes affiliate links and if you use them, I may earn a small commission at no extra cost to you. 🔥 Thanks for supporting the channel!
👉 Hack The Box Affiliate Link 👈
https://hacktheboxltd.sjv.io/nXk647
What's My Recording Gear?
Amazon Storefront: https://www.amazon.com/shop/chrisalupului/list/SFY2LSL7TUYR?ref_=cm_sw_r_cp_ud_aipsflist_Q04ST9PYWP0G6F3VA2E0_1
DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.