In this video, we tackle my friend Geiseric's different websites on an easy Linux box that focuses on web exploitation. We’ll start with enumeration, uncovering a virtual host that leads us to an endpoint vulnerable to SQL injection. This allows us to bypass authentication and gain access to an admin panel. From there, we’ll discover another subdomain with a local file inclusion (LFI) vulnerability, which we’ll exploit to extract an SSH key and gain access to the machine. Finally, we’ll escalate privileges by abusing Fail2Ban misconfigurations to achieve root access.
🛠️ Techniques Covered:
✔️ Nmap scanning & DNS enumeration
✔️ SQL Injection for authentication bypass
✔️ Local File Inclusion (LFI) exploitation
✔️ Extracting SSH keys for access
✔️ Privilege escalation using Fail2Ban
This is for educational purposes only. Ethical hacking helps strengthen cybersecurity! 💻🔒
https://www.youtube.com/watch?v=Wiz2y4Ier-s&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=3&t=22s&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=jatKxvtG4-4&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=11&t=36s&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=TE6NWoxvm6c&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=3&t=2184s&ab_channel=ChrisAlupului
💡 TIMESTAMPS:
00:00 Intro
00:48 Initial recon
09:46 Exploring websites for attack vector
12:30 Admin panel foothold
23:23 Server foothold & privilege escalation
33:05 Outro
DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.