Hacking my friend’s FisMatHack Linux machine! In this video, we dive into two different proof-of-concept (PoC) vulnerabilities and manually exploit them to gain root access.
Two fun apps I played with in this video are from: @charmcli
- https://github.com/charmbracelet/mods
- https://github.com/charmbracelet/glow
https://www.youtube.com/watch?v=TlDxxCSxaUU&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=4&t=2174s&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=_LXA3brPU7A&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=4&t=2954s&ab_channel=ChrisAlupului
https://www.youtube.com/watch?v=nvoRo-0HvRc&list=PLezu4l4_AXSG8LrK4RiCLDKnFaT5LKWWL&index=5&t=2084s&ab_channel=ChrisAlupului
🔗 Box Details:
- Platform: Hack The Box
- Difficulty: Easy
- Focus: Web, RCE, LFI
------------------------------
Chris Alupului's Socials:
Instagram: https://instagram.com/chrisalupului
X: https://x.com/chrisalupului
TikTok: https://tiktok.com/chrisalupului
BlueSky: https://bsky.app/profile/chrisalupulu...
Visit my website: https://alupului.com
------------------------------
💡 TIMESTAMPS:
00:00 Intro
00:59 Recon with Nmap
02:25 Nmap with mods CLI AI and glow
04:45 My blog notes, Obsidian notes
06:35 Website recon
10:20 First attack vector
11:45 First proof-of-concept exploit
13:15 Crafting first PoC payload
15:29 Foothold established
16:50 Using mods CLI AI on PoC payload
19:00 Pivoting into another user
22:45 SSH as rosa user
24:05 FisMatHack (box creator) tips for me
29:45 Second proof-of-concept exploit
33:37 Outro
DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.