  • 60697 views
  • Published 1 year ago by Chris Alupului

Hacking Bank from Hackthebox | HTB Bank Walkthrough | Ethical Hacking

In this video, we dive into the Hack The Box "Bank" machine, taking you through the entire exploitation process from initial enumeration to privilege escalation! We'll start with port scanning using Nmap and then dive into DNS zone transfer to uncover hidden subdomains. From there, we’ll perform directory enumeration with FFuf to discover sensitive directories, locate a login page, and even identify a potential information disclosure vulnerability!

🔍 What We'll Learn:

  • Initial Enumeration - Using Nmap to discover open ports and services.
  • Zone Transfer - Extracting useful DNS information to add subdomains.
  • FFuf for Directory & Host Enumeration - Identifying hidden directories and virtual hosts.
  • Credential Discovery - Gaining access using leaked credentials.
  • Reverse Shell Upload - Uploading a reverse shell for initial foothold.
  • Privilege Escalation Techniques - Navigating from www-data to root user.

**Join me on this hacking journey** where we not only help "V" get an edge at his job but also sharpen our own cybersecurity skills along the way. This one's for all the aspiring ethical hackers and HackTheBox enthusiasts out there!

TIMESTAMP:

  • 00:00 Introduction
  • 01:00 Nmap scan
  • 03:10 Dig axfr scan
  • 04:30 Viewing web app with Burp Suite
  • 05:58 Enumeration scan with Ffuf
  • 09:29 Information disclosure
  • 12:00 Web app login breach
  • 12:30 File upload reverse shell
  • 19:50 Rev Shell Generator with netcat listener
  • 21:15 Web app foothold breached
  • 21:45 TTY reverse shell upgrade
  • 23:25 Privilege escalation to root user
  • 27:56 Outro
Blog: Bank Sanity Check & Thought Dumps

DISCLAIMER: This video is intended for educational purposes only. All activities demonstrated in this video were conducted on legally authorized systems such as HackTheBox & TryHackMe. Unauthorized hacking, including attempts to gain unauthorized access to computers, servers, or other digital assets, is illegal and unethical. Always obtain proper permission before conducting any form of penetration testing or security research. The techniques shown here should only be used in ethical hacking environments, and I am not responsible for any misuse of the information provided.