YoVDO

HackTheBox - Fighter Walkthrough

Offered By: Cyber Mentor via YouTube

Tags

Penetration Testing Courses Cybersecurity Courses Ethical Hacking Courses Burp Suite Courses Nmap Courses

Course Description

Overview

Explore a comprehensive walkthrough of exploiting HackTheBox's Fighter machine in this 47-minute video tutorial. Learn essential penetration testing techniques, including Nmap scanning, web application enumeration, SQL injection, shell acquisition, privilege escalation, and reverse engineering. Follow along as the instructor demonstrates subdomain enumeration, hidden directory discovery with Dirb, intercepting login requests using Burp Suite, and leveraging sqlmap for SQL injection testing. Gain insights into bypassing application whitelisting, utilizing file transfer methods, and exploiting the capcom.sys vulnerability for privilege escalation. Conclude with an analysis of the root.exe process through reverse engineering techniques.

Syllabus

- Introduction.
- Nmap scan review.
- Exploring port 80.
- Modifying /etc/hosts.
- Enumerating sub-domains.
- Using Dirb to find hidden directories and pages.
- Intercepting login requests with Burp.
- Using sqlmap to test for SQL injection.
- Building a custom SQL injection & Gaining a shell.
- Enumeration as the low-priv user.
- Bypassing application whitelisting using msbuild.
- Using certutil for file transfers & Gaining a Meterpreter shell.
- Using the capcom.sys exploit to elevate privileges.
- Discovering root.exe and reverse engineering the process.


Taught by

The Cyber Mentor

Related Courses

Hacker101
HackerOne via Independent
Web Application Security Testing with Burp Suite
Coursera Project Network via Coursera
Complete Website Ethical Hacking and Penetration Testing
Udemy
Top 5 Tools & Tricks for Ethical Hacking & Bug Bounties 2021
Udemy
Learn Burp Suite, the Nr. 1 Web Hacking Tool
Udemy