VulnHub Homeless Walkthrough | RCE, Hydra & Root Privilege Escalation

In this video, I will walk through the VulnHub machine Homeless step by step.

This CTF includes web enumeration, Burp Suite Spider/Discovery, robots.txt analysis, hidden User-Agent discovery, restricted file upload bypass, PHP command execution, MD5 collision authentication bypass, curl POST exploitation, reverse shell, Hydra SSH brute force, cron job analysis, and Linux privilege escalation.

We start by using Burp Suite to discover hidden paths and inspect robots.txt. Then we find a suspicious User-Agent clue in the page source and use it to reveal a private uploader directory. The upload function only allows very small files, so we upload a tiny PHP command execution payload.

Next, we discover a hidden admin panel and analyze the leaked index.php.bak source code. The login logic requires three different inputs with the same MD5 hash, so we use an MD5 collision tool to generate matching values and submit them with curl using --data-urlencode.

After logging into the admin panel, we gain command execution, get a reverse shell, enumerate the system, brute force the SSH password for the downfall user with Hydra and rockyou.txt, then abuse a root-executed Python cron job to write a new root user into /etc/passwd.
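A defender-side audit for the two conditions that final step relies on, added here as an example that is not part of the original video description: root cron commands that point at files a non-root user can modify, and extra UID 0 entries in /etc/passwd. The function names, sample accounts and paths are constructed assumptions, not values from the Homeless VM.

```python
import os
import stat

# Constructed sample data for illustration (not taken from the Homeless VM).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
downfall:x:1000:1000::/home/downfall:/bin/bash
svc:$1$abc$constructedhash:0:0::/root:/bin/bash
"""
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
SHELL=/bin/sh
*/1 * * * * root python /opt/jobs/check.py
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/5 * * * * www-data /usr/local/bin/report.sh
"""

def extra_uid0_accounts(passwd_text):
    """Return (name, has_inline_hash) for every UID 0 account other than root."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        if fields[2] == "0" and fields[0] != "root":
            hits.append((fields[0], fields[1] not in ("x", "*", "!", "")))
    return hits

def risky_root_cron_targets(crontab_text, stat_fn=os.stat):
    """Return absolute paths in root's /etc/crontab-style commands that non-root can modify."""
    risky = []
    for line in crontab_text.splitlines():
        parts = line.split(None, 6)  # m h dom mon dow user command
        if line.lstrip().startswith("#") or len(parts) < 7 or parts[5] != "root":
            continue
        for token in parts[6].split():
            if not token.startswith("/"):
                continue
            try:
                st = stat_fn(token)
            except OSError:
                continue  # path not present on this host
            # Conservative: flag any non-root owner or group/world write bit.
            if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                risky.append(token)
    return risky
```

On a live host, pass the contents of /etc/passwd and /etc/crontab and leave `stat_fn` at its default so the real file ownership and modes are checked.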

This video is for educational purposes only and is performed in an authorized CTF lab environment.
#VulnHub #Homeless #CTF #CTFWalkthrough #EthicalHacking #PenetrationTesting #CyberSecurity #BurpSuite #WebExploitation #UserAgent #FileUpload #MD5Collision #RCE #ReverseShell #Hydra #LinuxPrivilegeEscalation #OSCP #TryHarder

Video "VulnHub Homeless Walkthrough | RCE, Hydra & Root Privilege Escalation" from the channel Junhua's Cyber Lab