27
7 787

1:25:40

HackTheBox - Usage

52:35

HackTheBox - IClean

48:24

HackTheBox - WifineticTwo

50:08

HackTheBox - Headless

34:02

HackTheBox - Perfection

49:54

HackTheBox - Runner

🔐 HackTheBox Walkthrough: Runner | Medium Difficulty | Linux 🐧
In this video, I'll take you through the exploitation of the Runner machine on HackTheBox, a medium-difficulty Linux box packed with real-world vulnerabilities and challenges.
🏃‍♂️ The journey begins with leveraging a vulnerability in TeamCity (CVE-2023-42793), allowing us to bypass authentication and extract an API token. This token opens the door to debug features that let us execute system commands. By accessing the TeamCity Docker container, we compress HSQLDB database files, extract credentials for one user, and find an SSH private key for another. After cracking the key's password, we gain access to the host filesystem.
🔍 While exploring, we discover a Portainer instance running on a subdomain. With the user's credentials, we authenticate and find a way to create images, although our privileges are limited. By checking the version of "runc" on the host, we exploit a vulnerability (CVE-2024-21626) that allows us to escape the container and gain root access through the Portainer's image build function.
💻 Finally, we create a SUID bash file on the mounted host filesystem, granting us a root shell and full control over the system.
If you're passionate about cybersecurity, CTF challenges, or just want to hone your ethical hacking skills, this walkthrough is for you! Don't forget to like, subscribe, and hit the notification bell for more deep dives into HackTheBox machines! 🔔
#CyberSecurity #HackTheBox #EthicalHacking #Linux #PenTesting #TeamCity #Portainer #VulnerabilityExploitation #CTFWalkthrough #InfoSec #RedTeam #RootAccess #DockerSecurity

มุมมอง: 67

วีดีโอ

1:25:40

HackTheBox - FormulaX

มุมมอง 79หลายเดือนก่อน

🔐 HackTheBox Walkthrough: FormulaX 🔍 | Hard Difficulty | Linux 🐧 In this video, I’ll guide you through the exploitation of the retired HackTheBox machine, FormulaX. This hard-difficulty Linux box challenges us with multiple vulnerabilities, starting with a Cross-Site Scripting (XSS) attack on a chat application that reveals a hidden subdomain. From there, we exploit a simple-git vulnerability (...

52:35

HackTheBox - Usage

มุมมอง 182หลายเดือนก่อน

🔍 HackTheBox Usage Walkthrough | Easy Linux Machine 🔍 Welcome back, cybersecurity enthusiasts! In this video, I’ll walk you through exploiting Usage, an easy-difficulty Linux machine on the HackTheBox platform. 💻🔓 ✨ Key Highlights: 📄 SQL Injection Exploitation: Discover how to exploit a SQL injection vulnerability in a blog site to dump and crack the admin's hashed password. 🔐 Admin Panel Acces...

48:24

HackTheBox - IClean

มุมมอง 2.4Kหลายเดือนก่อน

🔍 HackTheBox IClean Walkthrough | Medium Linux Machine 🔍 Welcome back, cybersecurity enthusiasts! In this video, I'll guide you through exploiting IClean, a medium-difficulty Linux machine on the HackTheBox platform. 💻🔓 ✨ Highlights of the Walkthrough: 🧹 Exploiting a Cleaning Services Website: Discover how to exploit a Cross-Site Scripting (XSS) vulnerability in the quote request form to steal ...

50:08

HackTheBox - WifineticTwo

มุมมอง 92หลายเดือนก่อน

🔍 HackTheBox WifineticTwo Walkthrough | Medium Linux Machine 🔍 Welcome back, cybersecurity enthusiasts! In this video, I'll guide you through exploiting WifineticTwo, a medium-difficulty Linux machine on the HackTheBox platform. 💻🔓 ✨ Highlights of the Walkthrough: 🌐 OpenPLC Exploitation: Discover how to exploit OpenPLC running on port 8080 using CVE-2021-31630 to achieve Remote Code Execution. ...

34:02

HackTheBox - Headless

มุมมอง 862 หลายเดือนก่อน

🔍 HackTheBox Headless Walkthrough | Easy Linux Machine 🔍 Welcome back, cybersecurity enthusiasts! In this video, I'll take you through the exploitation of Headless, an easy-difficulty Linux machine on the HackTheBox platform. 💻🔓 ✨ Highlights of the Walkthrough: 🖥️ Exploit a Python Werkzeug Server: Learn how to identify and exploit a blind Cross-Site Scripting (XSS) vulnerability via the User-Ag...

49:54

HackTheBox - Perfection

มุมมอง 1252 หลายเดือนก่อน

🔍 HackTheBox Perfection Walkthrough | Easy Linux Machine 🔍 Welcome to my latest HackTheBox walkthrough! In this video, we dive into Perfection, an easy-rated Linux machine that will put your hacking skills to the test. 💻🛠️ ✨ Highlights of the Video: 📊 Exploit a Vulnerable Web Application: Discover how a simple student score calculator hides a Server-Side Template Injection (SSTI) vulnerability....

56:19

HackTheBox - Crafty

มุมมอง 7383 หลายเดือนก่อน

🔍💻 Crafty Walkthrough | HackTheBox Retired Machine Welcome to my in-depth walkthrough of the retired HackTheBox machine, Crafty! 🛠️🔒 In this video, we'll tackle: 🔍 Enumeration: Discovering open ports and services. 🔧 Vulnerability Research: Identifying weak points in a Minecraft server version vulnerable Log4shell (CVE-2021-44228). 📚 Public Exploits: Leveraging known exploits to gain access. 🕵️‍...

50:00

TryHackMe - SQHell

มุมมอง 3204 หลายเดือนก่อน

In this video, we dive into the TryHackMe room "SQHell" and demonstrate how to exploit intermediate to advanced SQL injection vulnerabilities. Learn the techniques to bypass protections and extract sensitive data! 💻🔥 🔔 Like, Subscribe & Hit the Bell for More! 🔔 #SQLInjection #TryHackMe #Cybersecurity #EthicalHacking #PenTesting

SQL Injection - Task 10 | Remediation | TryHackMe

7:15

SQL Injection - Task 10 | Remediation | TryHackMe

มุมมอง 654 หลายเดือนก่อน

🔒 Delve into the final task (Task 10) of our SQL Injection video series! 🎬 Discover essential remediation methods to safeguard your databases against SQL injection attacks. Learn about the power of prepared statements, input validation, and special character escaping to fortify your defenses. 💡💻 #Cybersecurity #SQLInjection #RemediationMethods 🚀

SQL Injection - Task 9 | Out-of-Band SQLi | TryHackMe

3:50

SQL Injection - Task 9 | Out-of-Band SQLi | TryHackMe

มุมมอง 3054 หลายเดือนก่อน

🔍 Explore Out-of-Band SQL Injection in Task 9 of our SQL Injection video series! 🎥 Learn how to exploit vulnerabilities using alternative communication channels and extract data from the database.

SQL Injection - Task 8 | Blind SQLi - Time Based | TryHackMe

18:35

SQL Injection - Task 8 | Blind SQLi - Time Based | TryHackMe

มุมมอง 7204 หลายเดือนก่อน

This video explores time-based SQL injection, a technique that uses delays (think: ⏳ ) to extract information from a database!. Learn how to combine UNION SELECT statements with the sleep() method to uncover vulnerabilities in real-time

SQL Injection - Task 7 | Blind SQLi - Boolean Based | TryHackMe

28:06

SQL Injection - Task 7 | Blind SQLi - Boolean Based | TryHackMe

มุมมอง 3324 หลายเดือนก่อน

Explore boolean-based SQL injection techniques in this SQL task. In the lab, a vulnerable API endpoint is exploited using UNION SELECT statements to manually extract valuable data from the database

SQL Injection - Task 6 | Blind SQLi - Authentication Bypass | TryHackMe

7:18

SQL Injection - Task 6 | Blind SQLi - Authentication Bypass | TryHackMe

มุมมอง 2674 หลายเดือนก่อน

Usernames and passwords not enough? This video explores blind SQL injection, a sneaky technique attackers use to bypass authentication

SQL Injection - Task 5 | In-Band SQLi | TryHackMe

18:36

SQL Injection - Task 5 | In-Band SQLi | TryHackMe

มุมมอง 5154 หลายเดือนก่อน

Task 5: Let's dive into the world of in-band SQL injection! 🚀 Join me in the lab as we exploit an error-based SQLi vulnerability using UNION SELECT statements. Get hands-on experience with real-world scenarios. #CybersecurityLab 🛠️💻

SQL Injection - Task 4 | What is SQL Injection? | TryHackMe

6:50

SQL Injection - Task 4 | What is SQL Injection? | TryHackMe

มุมมอง 594 หลายเดือนก่อน

SQL Injection - Task 4 | What is SQL Injection? | TryHackMe

SQL Injection - Task 3 | Wat is SQL? | TryHackMe

16:37

SQL Injection - Task 3 | Wat is SQL? | TryHackMe

มุมมอง 624 หลายเดือนก่อน

SQL Injection - Task 3 | Wat is SQL? | TryHackMe

SQL Injection - Task 2 | What is a Database? | TryHackMe

7:40

SQL Injection - Task 2 | What is a Database? | TryHackMe

มุมมอง 834 หลายเดือนก่อน

SQL Injection - Task 2 | What is a Database? | TryHackMe

SQL Injection - Task 1 | Brief | TryHackMe

3:54

SQL Injection - Task 1 | Brief | TryHackMe

มุมมอง 1274 หลายเดือนก่อน

SQL Injection - Task 1 | Brief | TryHackMe

SQL Injection - Task 0 | Introduction | TryHackMe

5:41

SQL Injection - Task 0 | Introduction | TryHackMe

มุมมอง 3114 หลายเดือนก่อน

SQL Injection - Task 0 | Introduction | TryHackMe

36:49

HackTheBox - Builder

มุมมอง 4865 หลายเดือนก่อน

HackTheBox - Builder

1:11:11

HackTheBox - Jupiter

มุมมอง 2511 หลายเดือนก่อน

HackTheBox - Jupiter

37:16

HackTheBox - Timelapse

มุมมอง 332 ปีที่แล้ว

HackTheBox - Timelapse

51:28

HackTheBox - Late

มุมมอง 582 ปีที่แล้ว

HackTheBox - Late

33:08

TryHackMe - Brooklyn99

มุมมอง 612 ปีที่แล้ว

TryHackMe - Brooklyn99

53:47

TryHackMe - Lian Yu

มุมมอง 1352 ปีที่แล้ว

TryHackMe - Lian Yu

6:35

Intro To Practical Hacking

มุมมอง 642 ปีที่แล้ว

Intro To Practical Hacking

ความคิดเห็น

@Asherid6232 13 วันที่ผ่านมา
Thank you so much for this. After the 6th task, it seemed easy but the Boolean process is just so tedious. It's like doing a bruteforce attack purely analog. What is the reasoning of using the != wildcard after you've already discovered the table or column name though?
@cybermasus 7 วันที่ผ่านมา
Right, boolean and time-based sqli's can be a pain when trying to exploit them manually, especially in large/complex database structures. always look into automating the exploitation process or using tools like sqlmap. understanding of the manual exploitation process is useful when creating automation scripts or troubleshooting tools that are not giving the desired results. In response to the reasoning for using '!=' operator, this is often used to eliminate information we've already discovered during the brute-force process. for instance, if you are enumeration column names for the same database and table, using '!=' will ensure you don't enumerate same column name more than once
@aarfeenanees9147 หลายเดือนก่อน
This room is probably bugges because when I injected where database() like 'sql______';-- it worked. Although its clear sqli_four is the database we are meant to work with
@cybermasus หลายเดือนก่อน
yes will certainly be a bug. great finding though
@pierluigirizza2140 29 วันที่ผ่านมา
I also thought it was a bug, but actually "_" is a special character for "find". you need to escape it (fin "\_").
@cybermasus 28 วันที่ผ่านมา
@@pierluigirizza2140 good point. In SQL queries, the underscore is a special character used as a single-character wildcard. For example, the pattern "_a_" would match any three-character string where the second character is "a"
@mahdi_begg1239 หลายเดือนก่อน
Bro you are amazing, keep up the work
@mabior2667 หลายเดือนก่อน
Wow. Very informative walkthrough
@cybermasus หลายเดือนก่อน
glad you liked the walkthrough. the plan is to make more of these when i have the time
@toluwaniolasope1517 หลายเดือนก่อน
Thank you bro for this But my burpsuite isn't working
@cybermasus หลายเดือนก่อน
I will need more context about your issue to be able to advise. let me know how burpsuite is behaving when you try to intercept traffic and whether you've configured proxy settings in your web browser to work with burp
@johnsteve1276 หลายเดือนก่อน
So LIT, bro.
@scratchthegamedev9789 หลายเดือนก่อน
Yo bro this helped me get root flag i was struggling thanks man cheers 🙌👏🔥
@cybermasus หลายเดือนก่อน
glad my video helped 😊
@whateveritis0 หลายเดือนก่อน
🎉
@moost9239 หลายเดือนก่อน
I feel like you were a bit off track and didn't scroll down alongside the questions. Just my honest opinion. Great effort on the video
@cybermasus หลายเดือนก่อน
Yh good point. I intentionally didn't scroll down along the questions so I could solve the challenge my own way. By doing so, I get to make mistakes, troubleshoot, and resolve issues as I go. I appreciate you feedback
@moost9239 หลายเดือนก่อน
@@cybermasus When you put it like that, I sort of take back my comment. Thank you for your reply. Best of luck in your TH-cam Journey!
@AmineZiani-jk3lc 2 หลายเดือนก่อน
You chose the best technique to find all the tasks Good job man👏👏
@cybermasus 2 หลายเดือนก่อน
yeah right, i try to go for techniques that are easy to understand
@steve-maheshsingh7553 2 หลายเดือนก่อน
Thanks, I was stuck on this one.
@cybermasus 2 หลายเดือนก่อน
I'm glad my video was helpful 😊
@ProgrammingWala-pw 3 หลายเดือนก่อน
Which username u put in this command
@cybermasus 2 หลายเดือนก่อน
i typed so many commands. let me know what specific command then i can help with answer
@agentofenhanced2428 3 หลายเดือนก่อน
im just getting into cybersecurity barely getting around linux but its fun to watch this lol
@cybermasus 3 หลายเดือนก่อน
it’s fun navigating the linux file system from the command line. I'm sure you will have a hang of it with practice 😅
@sathsarabandara660 4 หลายเดือนก่อน
Hello. Nice video. Thanks
@cybermasus 4 หลายเดือนก่อน
@sathsarabandara660 I'm happy you like the video
@sathsarabandara660 4 หลายเดือนก่อน
Hey. I' m a beginner of this and Could you give me some start up tips and list of things that I should be focused on bug bounty please?
@cybermasus 4 หลายเดือนก่อน
@@sathsarabandara660 try out some web based exercises on TryHackMe, portswigger labs, and HackTheBox. Once you level up your skills, register on bug bounty platforms like HackerOne and Bugcrowd to get started
@sathsarabandara660 4 หลายเดือนก่อน
@@cybermasus Thank you so much for your help.
@Saeed_Khavary 11 หลายเดือนก่อน
Awesome man, keep up the good work

CyberMasus

ความคิดเห็น