HackTheBox: Взламываю web средней сложности SURVEILLANCE.HTB | КАК ПРОЙТИ SURVEILLANCE.HTB

Friends, creating each episode is a significant investment of time and effort. If you like what I do and want to support me, I'd be happy to help! Also, if you'd like to improve your skills, I'd be happy if you registered on HackTheBox using my referral link: 👉 https://hacktheboxltd.sjv.io/4GEgKM Thank you for your support! 💙 How to solve the SURVEILLANCE machine on HackTheBox? In this video, I demonstrate a moderately difficult Linux machine called SURVEILLANCE on the HackTheBox platform. First, I exploit a remote code execution vulnerability in CraftCMS to persist on the machine using the www-data account. Then, I identify and access the MySQL database, where I find password hashes. After an unsuccessful attempt to crack the bcrypt hash from the CraftCMS database, I manage to find the database backup file. I find an old version of the SHA512 hash, which I successfully crack in seconds, gaining access to the user account. Using this password, I connect to the server via SSH. I find local port 8080 open, and realize it's the port for the ZoneMinder video surveillance system. I create a port forwarder to my local machine for remote access. Then I exploit another remote code execution vulnerability in ZoneMinder and gain access as a different user with sudo privileges to run Perl scripts. I use one of these scripts to inject an arbitrary command, allowing me to escalate my privileges to root. I hope you find this video helpful! If you have any questions, please ask in the comments – I'll be happy to help! ----------------------------------------------------------------------------------------------------- My articles and write-ups: https://maddevs.io/blog/authors/mekan... Order services: https://maddevs.io/cybersecurity/ Telegram chat: https://t.me/+ls1duJayGB44YTFi Telegram channel: https://t.me/MrCyberSec_channel Boosty.to: https://boosty.to/mrcybersec Twitter:   / _mrcybersec   HackTheBox: https://app.hackthebox.com/profile/70... LinkedIn:   / mekan-bairyev   #HackTheBox, #LinuxHacking, #CyberSecurity, #EthicalHacking, #PenTesting, #CraftCMS #ZoneMinder, #SSHAccess, #MySQLHacks, #PasswordCracking, #Bcrypt, #SHA512, #RemoteCodeExecution, #RootAccess, #PrivilegeEscalation, #InfoSec, #HackingTutorial, #CyberDefense, #NetworkSecurity, #PortForwarding, #SecurityBreach, #HackersLife, #SystemSecurity, #DigitalForensics, #SecurityTesting, #ExploitDevelopment, #CyberAttack, #SecurityVulnerability, #HackersToolbox, #TechHacks, #SecurityResearch, #DataBreach, #SudoPrivileges, #LinuxSecurity, #WebSecurity, #ITSecurity, #SecurityAwareness, #CodeExecution, #SecuritySolutions, #EthicalHacker