MoneyHeist: Catch Us If You Can || VulnHub Walkthrough

Опубликовано: 15 Март 2025
на канале: Techno Science

298

Hello everyone! Welcome to my latest video. Today, we're diving into a vulnerable machine called " Money Heist: Catch Us If You Can ."

This machine is inspired by the popular Spanish heist crime drama, Money Heist .
While the creators didn't specify its difficulty, I would classify it as " Medium " based on my experience. To get started, head over to the VulnHub website and download the vulnerable image.

Learn More: https://www.cybersecmastery.in/2024/0...

Contribute to growing: https://www.buymeacoffee.com/mrdev

========================================
TimeStamp
========================================
0:00 Intro
0:36 Settings Up
1:49 Enumeration
1:50 Identify the IP address
2:16 Conduct a network scan to identify open ports
3:50 FTP Enumeration
4:38 Web Enumeration and Directory Busting
6:30 Resolving " Image Cannot Be Displayed " Errors
9:24 Exploring and Analyzing the /gate Directory
11:29 Investigate an internal URL /BankOfSp41n
14:12 Brute Forcing FTP Credentials with Hydra
15:00 Foothold
15:11 Investigate user Arturo running on FTP service
17:25 Access user, Arturo via SSH to Investigate
18:29 Privilege Escalation
18:34 Escalate Privilege for user Arturo
18:50 Escalate user, Arturo Privilege using LinPEAS
20:39 Escalate privileges using the find SUID command
22:46 Investigate /BankOfSp41n/0x987654/ Directory
23:22 Decode Morse code-like text and investigate the output
23:45 Decode tap code text and investigate the output
24:18 Decode the ROT13 cipher and investigate the output
25:15 Decode unknown cipher and investigate the output
26:42 Investigate Nairobi for further Escalation
27:30 Escalate user, Nairobi Privilege using LinPEAS
28:25 Escalate privileges using gdb SUID command
29:32 Investigate a phonetic alphabet followed by a date for further escalation
30:11 Switch user to root
=============================================

Find me:
Instagram:  / amit_aju_
Facebook page:   / technoscinfo
Linkedin:   / amit-kumar-giri-52796516b
Chat with Telegram:https://t.me/technosciencesoln

Disclaimer: Hacking without having permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against real hackers.