HackTheBox - Fighter Walkthrough

Explore a comprehensive walkthrough of exploiting HackTheBox's Fighter machine in this 47-minute video tutorial. Learn essential penetration testing techniques, including Nmap scanning, web application enumeration, SQL injection, shell acquisition, privilege escalation, and reverse engineering. Follow along as the instructor demonstrates subdomain enumeration, hidden directory discovery with Dirb, intercepting login requests using Burp Suite, and leveraging sqlmap for SQL injection testing. Gain insights into bypassing application whitelisting, utilizing file transfer methods, and exploiting the capcom.sys vulnerability for privilege escalation. Conclude with an analysis of the root.exe process through reverse engineering techniques.

- Introduction.
- Nmap scan review.
- Exploring port 80.
- Modifying /etc/hosts.
- Enumerating sub-domains.
- Using Dirb to find hidden directories and pages.
- Intercepting login requests with Burp.
- Using sqlmap to test for SQL injection.
- Building a custom SQL injection & Gaining a shell.
- Enumeration as the low-priv user.
- Bypassing application whitelisting using msbuild.
- Using certutil for file transfers & Gaining a Meterpreter shell.
- Using the capcom.sys exploit to elevate privileges.
- Discovering root.exe and reverse engineering the process.