Redis privilege escalation Part 1 – Gemini Pentest v2 Ep6
#pentesting #ctf #hacking #metasploit #kalilinux
Part 1: https://youtu.be/nlOADnE-FWA
Part 2: https://youtu.be/NzMaaTQAmtY
Part 3: https://youtu.be/UCLS3b8Tg5M
Part 4: https://youtu.be/I6HMPmYs6n0
Part 5: https://youtu.be/rShWbz9PsFs
Part 6: https://youtu.be/QcXUAJ_qsKo
Part 7: https://youtu.be/cHMeH7WO0X4
Hey whatβs up? In this video series, I will h4ck the Gemini Pentest v2 CTF challenge. This episode will be dedicated to performing port scanning with nmap, then performing a directory bruteforce to find a registration feature. then creating a new user account that has to be activated. Then, I will bypass the activation feature, login, and explore the application features to hunt for bugs. We will then follow our gut instinct to turn a potential vulnerability into a promising lead. Then we will try to access the server using SSH by uploading our public key to the authorized_keys file. Since we can’t achieve that, we will get a revere shell using ngrok and netcat. Then, we will elevate our privileges using a redis service running as root.
π π₯ Become a pentester
https://academy.thehackerish.com/p/from-zero-to-signing-your-first-ethical-hacker-job?utm_source=social&utm_medium=youtube&utm_campaign=desc
π Learn the technical skills:
https://thehackerish.com/best-hacking-websites-for-ethical-hackers/
π Become a successful bug bounty hunter: https://thehackerish.com/a-bug-bounty-hunting-journey-book
π Download your FREE Web hacking LAB and starting hacking NOW: https://thehackerish.com/owasp-top-10-lab-vm-free
π Read more on the blog: https://thehackerish.com
πͺπ» Support this work: https://thehackerish.com/how-to-support
– Facebook Page: https://www.facebook.com/thehackerish
– Follow us on Twitter: https://twitter.com/thehackerish
– Listen on Anchor: https://anchor.fm/thehackerish
– Listen on Spotify: https://open.spotify.com/show/4Ht8jEbPzyZnfbIlhFG91x
– Listen on Google Podcasts: https://podcasts.google.com/?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy8xYTVkYTgxYy9wb2RjYXN0L3Jzcw%3D%3D
Comments are closed.