Tier 1: Three - HackTheBox Starting Point - Full Walkthrough

Learn the basics of Penetration Testing: Video walkthrough for the "Three" machine from tier one of the @HackTheBox "Starting Point" track; "You need to walk before you can run". We'll be exploring the basics of enumeration, service discovery, directory busting, insecure s3 buckets, aws-cli and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec

↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23

↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox

↢Video-Specific Resources↣
https://pentestbook.six2dez.com/enumeration/cloud/aws
https://blog.securelayer7.net/aws-penetration-testing-for-s3-bucket-service-basics-security
https://book.hacktricks.xyz/cloud-security/aws-security

↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run

↢Chapters↣
Start: 0:00
Enumerate ports/services (NMap): 0:12
Explore website: 0:50
Enumerate subdomains (ffuf? gobuster?): 2:07
Amazon s3 buckets: 7:13
aws-cli: 10:01
Insecure File Upload: 14:22
End: 17:51