Hack the Box Machine Codify Walkthrough
Welcome to my latest Hack The Box machine write-up! In this video, I'll take you through the process of hacking into this challenging machine step by step.

🛠️ Tools Used:
- John the Ripper
- ChatGPT
- Moonwalk

🕵️‍♂️ Tactics/Techniques:
- Remote code execution
- Hash identification and cracking
- Code analysis
- CVE research
- Covering our tracks: with Moonwalk
- Persistence: creating a bashrc backdoor one-liner

🔗 References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3358

📋 Summary:

✅ Enumeration - Host
- Port 22 - SSH
- Port 80 - HTTP
- Port 3000 - ppp
- Port 8080 - http-proxy

✅ Enumeration - Web Application
- Browse to the application
- View the limitations page
- View the About Us page
- View the VM2 page
- Tinker with the Node.js sandbox environment

✅ Initial Access & Horizontal Movement
- Research known vm2 sandbox CVEs
- Find a reverse shell without file read and child process library calls
- Execute the reverse shell through the editor
- Obtain access as a low-level user
- Manually look through /var/www
- Locate and crack the hash in /var/www/contacts/tickets.db

✅ Privilege Escalation
- Review sudo -l output
- Script analysis
- Vulnerable script identification
- Generate a script to uncover the password

✅ Post Exploitation
- Covering our tracks with Moonwalk
- Persistence by adding a backdoor to the .bashrc file

🏆 Don't forget to check out my blog for the detailed write-up and visual workflow, which will give you a deeper understanding of the techniques used. If you find this video helpful, please like, share, and subscribe for more exciting hacking adventures!

🔗 Blog Link: https://www.cyberdonald.com/post/hack-the-box-machine-write-up-codify
🔔 Subscribe for More: https://www.youtube.com/@UCiKIYazpPHGLK93Jilwj3kQ

#HackTheBox #EthicalHacking #PenetrationTesting #InfoSec #CyberSecurity