HTB Bashed 1/2 – Walkthrough
In this video I showcase a full walkthrough of the Bashed machine provided by the Hack The Box platform.
By doing full htb walkthroughs we will be able to put into practice what we discussed in the OSCP guide.
————————-
TIMESTAMP:
00:00 Introduction
02:25 First steps
05:30 Nmap scans
09:55 Web server enumeration
13:23 Directory index is open
15:11 Enum with gobuster
20:41 Foothold – RCE through php webshell
24:05 System enumeration
27:30 Flag – user
29:00 Pivoting – exploiting sudo -l
34:35 System enumeration
39:00 Cronjob enumeration with pspy64
43:00 PrivEsc – Reverse shell with cronjob
46:20 Flag – root
49:00 Post Exploitation – Checking cronjobs
————————-
RESOURCES:
– temporary report: https://github.com/LeonardoE95/htb/blob/main/src/machines/01-bashed/raw-bashed.org
– pspy64: https://github.com/DominicBreuker/pspy
– TLS: https://youtu.be/Wx9h5CkMwdU?si=C4V8AXIBk9Wcg3nC
————————-
CONTACTS
– Technical blog: https://blog.leonardotamiano.xyz/
– Github: https://github.com/LeonardoE95?tab=repositories
– Support my work: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ
by hexdump
linux dns server
Great explanation dude !!
I can't express how awesome your videos are! Love every second. Please keep them rolling!
Gran bel video
Great explanation 🙏 thank
excellent pls solve oscp tjnull boxes, it willbe very helpful
Great content once again hexdump!
Thanks for the awesome content man
Leonardo, I can't believe that I'm the first to comment on this video. You are doing such a good job of explaining the WHOLE process, and not just a quick walkthrough. Please keep these video coming. As someone who want's to pass OSCP I Iove they way that you talk through your whole thought process, and not just say this is how you exploit the machine. I'm looking forward to the next video where you do a write-up based on the notes that you've taken.
I am sure that you will inspire and encourage others and much as you do me.