HTB Intro –
Welcome back Youtube, In today’s video we discussing HTB which has become my chosen playground for pwn training. This video will cover the tips & techniques you will need to exploit an endpoint. I began recommending this site to people when I realized how powerful was.This is tradecraft that could eventually assist you in vulnerability assessments for Blue Team type work.
I just going to come out and say it this is what we are going to use to learn Command, Control, Computer, Communications, and Intel (C4I) lets become a Discovery Analyst.
Click the Lab Access button -> Machines -> Download VPN in order to access the machines within HTB environment from your own install. Once you have the file open you terminal start the vpn connection.
sudo openvpn lab_isharehow.ovpn
Test your connection to target with pinging it.
sudo ping 10.10.10.10 -c 7
Enumeration & Enumeration –
This aggressive scan will tell us the more detailed information about the target system that you can then Google to discover CVEs or data on vulnhub.com. Using what nmap exposed to you you now must employ your discovery skills to find the available exploits to your running services. It’s your job to find the missing security patches, common passwords, or unintended exposures to to attack.
nmap -sS -sV -A -oN 10.10.10.4
Speaking of Googling the software, searchsploit is CLI way to search the database that vulnhub.com holds. This is powerful because we can find the possible attacks already on the machine.