In this video, we dive into the Hack The Box "Bank" machine, taking you through the entire exploitation process from initial enumeration to privilege escalation! We'll start with port scanning using Nmap and then dive into DNS zone transfer to uncover hidden subdomains. From there, we’ll perform directory enumeration with FFuf to discover sensitive directories, locate a login page, and even identify a potential information disclosure vulnerability!
🔍 What We'll Learn:
Initial Enumeration - Using Nmap to discover open ports and services.
Zone Transfer - Extracting useful DNS information to add subdomains.
FFuf for Directory & Host Enumeration - Identifying hidden directories and virtual hosts.
Credential Discovery - Gaining access using leaked credentials.
Reverse Shell Upload - Uploading a reverse shell for initial foothold.
Privilege Escalation Techniques - Navigating from www-data to root user.
**Join me on this hacking journey** where we not only help "V" get an edge at his job but also sharpen our own cybersecurity skills along the way. This one's for all the aspiring ethical hackers and HackTheBox enthusiasts out there! Don’t forget to like, subscribe, and turn on notifications to stay updated with more CTF content!
Watch Next:
Hacking Education App: [ Link ]
Hacking Editorial HTB: [ Link ]
Bounty Hunter HTB: [ Link ]
------------------------------
Chris Alupulu's Socials:
Instagram: [ Link ]
X: [ Link ]
TikTok: [ Link ]
BlueSky: [ Link ]
Visit my website: [ Link ]
My Recording Gear Used:
[ Link ]
Sponsors:
Interested in sponsoring my videos? Reach out to me at: chris@alupify.com
------------------------------
TIMESTAMP:
00:00 Introduction
01:00 Nmap scan
03:10 Dig axfr scan
04:30 Viewing web app with Burp Suite
05:58 Enumeration scan with Ffuf
09:29 Information disclosure
12:00 Web app login breach
12:30 File upload reverse shell
19:50 Rev Shell Generator with netcat listener
21:15 Web app foothold breached
21:45 TTY reverse shell upgrade
23:25 Privilege escalation to root user
27:56 Outro
Think you're ready for a bigger challenge?
🔥 Hack The Box Pro Labs offer advanced, real-world network simulations like Dante, Offshore, and Cybernetics. Dive deep into hands-on environments built to level up your skills in hacking, Active Directory, and red teaming.
Perfect for sharpening your expertise and exploring real corporate network setups. Get started today!
Blog: Bank Sanity Check & Thought Dumps
[ Link ]
#ethicalhackingtraining #htb #hackthebox #cybersecurity #cybersecuritytutorial #cybersecurityforbeginners #ethicalhacker #ethicalhackingtutorial
Affiliate Disclaimer:
This video includes affiliate links and if you use them, I may earn a small commission at no extra cost to you. 🔥 Thanks for supporting the channel!
👉 Hack The Box Affiliate Link 👈
[ Link ]
Shop my gear -
Amazon Storefront:
[ Link ]
DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.
Tags:
Hack The Box Bank walkthrough, ethical hacking tutorial, penetration testing guide, web app security, Linux privilege escalation, Nmap port scanning, DNS zone transfer, FFuf directory enumeration, cybersecurity for beginners, reverse shell techniques, information disclosure vulnerabilities, credential discovery, bug bounty hunting tips, infosec training, web app exploitation, red team tactics, cybersecurity basics, Hack The Box challenges, network security analysis, hacking real-world scenarios