Tier 1: Responder - HackTheBox Starting Point - Full Walkthrough

Learn the basics of Penetration Testing: Video walkthrough for the "Responder" machine from tier one of the @HackTheBox "Starting Point" track; "you need to walk before you can run". We'll be exploring the basics of enumeration, service discovery, Local File Inclusion (LFI), Remote File Inclusion (RFI), NTLM hash grabbing with Responder, hashcracking (john the ripper), evil-winrm and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec

↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23

↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox

↢Video-Specific Resources↣
https://book.hacktricks.xyz/pentesting-web/file-inclusion#windows
https://www.sikich.com/insight/using-multirelay-with-responder-for-penetration-testing/
https://book.hacktricks.xyz/pentesting/5985-5986-pentesting-winrm

↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run

↢Chapters↣
Start: 0:00
Enumerate ports/services (NMap): 0:19
Wappalyzer/Nikto/Gobuster: 1:45
WinRM/evil-winrm: 5:20
Local File Inclusion: 6:55
LFI PHP filter Trick: 11:00
RFI + Responder = NTLM Hashes: 12:04
Crack hash with John: 17:04
Shell with evil-winrm: 17:58
End: 19:13