THREE- Starting Point - Hack The Box // Walkthrough // Kali Linux
HTML-код
- Опубликовано: 27 авг 2024
- Hey Purple Team, Dan here! Today we dive into the "Three" box, a part of the Hack The Box's Starting Point series using our Kali Linux. 🛡️ NMAP TUTORIAL 👉 • NMAP Basics Tutorial f...
We tackle the challenge of exploiting a server by uploading a PHP shell into Amazon Web Services (AWS) S3, leading to remote code execution (RCE) and ultimately, capturing the flag. This demonstration is not just about hacking into a system; it's about understanding the vulnerabilities that exist within cloud environments and how they can be mitigated.
We start by exploring the setup of "Three," a seemingly innocuous box that hides its vulnerabilities behind common web technologies. The goal here is to leverage a PHP shell upload vulnerability, a classic but potent attack vector, to gain unauthorized access to the server's inner workings.
The PHP Shell Upload:
The core of our attack involves uploading a malicious PHP script to the server's AWS S3 bucket. This script is not a simple file; it's a doorway through which we can execute commands on the server. We'll walk through how to craft this PHP shell, ensuring it's stealthy enough to bypass basic security measures.
Gaining Access:
With the shell uploaded, the next phase is triggering the script to execute. This step is where the magic happens - using the shell to execute arbitrary code on the server. We'll demonstrate how to interact with the shell, sending commands back and forth, and how to maintain a stable foothold within the server.
Remote Code Execution (RCE):
Remote Code Execution is the ability to run commands on a remote server. In the context of "Three," we exploit our uploaded PHP shell to run commands that explore the server's environment, search for vulnerabilities, and eventually find and display the coveted flag.
Capturing the Flag:
The climax of our journey is capturing the flag, a token hidden within the server that proves we've successfully exploited it using Kali Linux. We'll use our RCE capabilities to navigate the server's file system, locate the flag, and reveal it on screen.
🤓 Follow Me:
/ getcyber
/ danduran-ca
getcyber.me
#HackTheBox #CyberSecurity #kalilinux
![Oasis - Oasis Live '25 [Official Trailer]](http://i.ytimg.com/vi/gol_JnuEtKM/mqdefault.jpg)
at this point i learn way more from the little stuff you add on to your vids like how to retrieve the seclists than the actual HTB exercise. I'm just gonna go through all your vids one by one. I made a new vm with kali instead of parrot due to some issues I was having and you've once again been instrumental. As always, THANK YOU!
Thanks for noticing. I will add more small steps. I think it's about learning all the quirks sometimes. Thanks!!
Amazing content subscribed ❤❤
You legit saved me with your video! Thank you
That's great! I'm happy to help!
Hey... I love your tutorials because they are simplified and they help alot...would you mind doing tier 2 walkthroughs please 🙏
Sure thing! Thank you for watching!
All your vidoe are just amazing.
Thank you so much for the priceless information.
Thanks again!!
🛡 NMAP TUTORIAL 👉 ruclips.net/video/W7076RPIgfQ/видео.html
You are the best. thanks alot!😊😊
Awesome mate, thanks for sharing
i have a problem i did thid in the website it says connected but when i try running nmap on the ip it dosent work
Thank you, your video was very helpful
You're very welcome!
Hope you liked it!
Thank you so much for watching! I really appreciate your support and I'm glad you enjoyed the video.
I didn't understand nothing.....I finished just first step yet, Meow, but accidentlly found this video and decide to watch for fun, and ....
I understand. It's not easy but it get easier as you go. Meow is the easiest. You need to go through the Tier 0 and you will understand once you get to this one. You can do it! 💪💪💪