This guide is part of the HackerSploit Red Team series of guides. In this video, we will cover Exploitation Techniques for Linux systems. Techniques used to gain a foothold include targeted spear phishing and exploiting weaknesses on public-facing web servers. Footholds gained through initial access may allow for continued access, like valid accounts and use of external remote services, or may be limited use due to changing passwords.
0:39 What We’ll Be Covering
1:07 Mitre Attack Initial Access Techniques
1:32 Our Target Server
2:24 Infrastructure Overview
2:55 Let’s Get Started
3:10 Performing an nmap Scan
5:18 nmap Results
6:48 Accessing their Web Server
7:08 Analyzing the Web Application
7:50 Running a Directory Brute Force
12:15 Configuring the Hosts File
13:30 Tips for Enumerating a WordPress Site
14:12 Scanning a WordPress Site with wpscan
17:04 Working with Users as a Vector
17:47 SSH Brute Force with Hydra
20:12 Logging in with our Brute Forced Credentials
20:40 Enumerating Data on the Remote Server
21:59 Using netstat
22:45 How Do We Access the MySQL Database Server?
25:56 Listing Databases & Tables
27:45 Changing a Database User’s Password
29:22 Logging into wp-admin
New to Linode? Get started here with a $100 credit.
Read the doc for more information on Exploitation Techniques.
Learn more about Hackersploit.
Subscribe to get notified of new episodes as they come out.
#Linode #Security #RedTeam #Hackersploit
Product: Linode, Security, Red Team; Hackersploit;