Hacking Busqueda [HackTheBox Walkthrough]

In this Video, I will be going through the box Busqueda, by Hack The Box. This is one of the Boxes recommended by TJnull's recommended list of machines to pwn in preparation for Pen-200(2023) otherwise known as the OSCP examination.(Offensive Security Certified Penetration Tester) You can find the document here: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit?pli=1#gid=665299979 link to HTB Busqueda: https://app.hackthebox.com/machines/Busqueda I hope you enjoy! Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming. You can join with this link: https://referral.hackthebox.com/mz2rqum ================================================== 00:00 - Welcome 00:18 - TjNull's Preparation List 00:45 - Setup 02:11 - Reconnaissance 03:03 - Autorecon 04:32 - Taking Notes on reconnaissance 05:10 - Update /etc/hosts 05:51 - searcher.htb 06:45 - ssh-audit 08:28 - HTTP 10:28 - Getting familiar with Searcher.htb 12:44 - Suspecting Command Injection 15:47 - Finding Public Exploit 19:42 - Initial Foothold 20:47 - Interactive Shell 22:32 - .git Hidden Folder 24:17 - First Set of Credentials 25:02 - Gitea Subdomain 27:36 - Thou mustn't re-use Passwords 28:48 - Making Sense of system-checkup.py 31:13 - WHEEL IT BACK! 32:31 - What is the format? 35:27 - It's JSON 36:17 - 2nd set of Credentials 38:35 - Scripts 43:34 - Finding the Vulnerability 45:02 - Road to Privesc 49:35 - Root! Music: Gramatik - Just Jammin' Link: https://www.youtube.com/watch?v=xTA_FexW3qU