AI Summarized Content

Full Penetration Testing Experience: From Start to Gaining Admin Control


Video Overview

This video is a comprehensive, real-world penetration testing walkthrough, showing the process from scratch all the way to gaining admin access on a target system. The creator condenses a one-hour session into a 30-minute video to keep things engaging and efficient, but leaves the footage unedited so beginners can follow every step and learn how to apply the techniques themselves.


Introduction & Approach

  • The video starts with:

    "In the name of God, this video is a penetration testing experiment."

  • The creator emphasizes that the video is sped up but not edited, so viewers can pause and replay as needed:

    "If you feel the video is fast, you can pause and go back, look at the screen, and understand like everyone else."

  • The environment is brand new—nothing is pre-configured:

    "Even the environment is freshly installed, nothing is ready, so we start from zero."

  • The creator encourages beginners:

    "If you feel the video is hard, that's normal. Step by step, it will become as easy as water."

  • He suggests watching previous videos for better understanding:

    "If you follow the previous videos, you'll be ready when you get here."

  • The goal is to let learners evaluate their progress and get a general idea of real-world hacking:

    "The course isn't over, but why do a penetration test in the middle? So learners can evaluate their performance, and those who haven't hacked before can get a general idea."


Setting Up & Mindset

  • The creator deliberately acts as a beginner:

    "I decided to do this video as if I'm a beginner, in a new environment, not knowing anything, learning with you."

  • He highlights the importance of information gathering:

    "As we learned before, when you do a penetration test, you need to be organized so you know how to examine the target."

  • Key advice:

    "Most people just show you the final result. I want to show you how much work goes in before that."


Information Gathering (Reconnaissance)

  • Testing Inputs:
    The creator starts by inputting incorrect data to see if the backend filters inputs:

    "I'm entering inputs incorrectly to see if the backend filters them, or if I can talk to the server any way I want."

  • Understanding Frontend vs Backend:

    "Websites are made of frontend and backend. The frontend is what you see, the backend is mostly programming and databases."

  • Using Browser Extensions:

    "I prefer browser extensions because they're the fastest way to get information."

  • Collecting Data:

    "We saw Apache with a specific version, found some emails, saw the HTTP server and its version, and the IP address."

  • Storing Information:

    "I was saving info in the terminal, which is bad. I decided to open a note and put the data there. Usually, I store data in bigger, more organized places."


Technology & Vulnerability Scanning

  • Identifying Technologies:

    "We tried to find out what technologies the site uses."

  • Using SearchSploit:

    "SearchSploit is like a database of all vulnerabilities. You search for a specific technology and see if it's in the database."

  • If a vulnerability is found:

    "If the vulnerability exists, hacking becomes very easy. You just search for the exploit online and use it."

  • Checking SSH and Apache:

    "We saw OpenSSH on port 22 with a certain version. I searched for vulnerabilities for that version."

  • Looking for Admin Pages:

    "I tried to find the admin page, but I was just typing random words. I wanted to see the error page, because if it's not well-handled, it can show you information."


Directory & Page Enumeration

  • Using Dirb for Brute Force:

    "I found a tool called Dirb. It needs a wordlist, so I searched for one and found 'general'."

  • Error Handling:

    "If the error page isn't handled well, it can show you information. Since they didn't handle errors well, it's likely they didn't hide other pages either."

  • Troubleshooting:

    "If you get errors, stop and ask yourself what's wrong. There's nothing wrong with searching for help."

  • Robots.txt:

    "I checked robots.txt to see if there are pages the site doesn't want search engines to visit. These are usually sensitive pages."
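The recon steps above relied on three things a site owner can check for on their own server: version banners in response headers, version strings on the default error page, and robots.txt entries that name sensitive paths. The following Python audit is an added example, not from the video; the sample responses, the header list and the sensitive-word list are constructed assumptions to tune per site.

```python
import re

# Product/version tokens such as "Apache/2.4.41" or "OpenSSH_8.2p1".
VERSION_RE = re.compile(r"\b([A-Za-z][\w.-]*)[/_ ](\d+(?:\.\d+)+[\w.-]*)")
# Path words that advertise something worth protecting (assumed list).
SENSITIVE_RE = re.compile(r"admin|backup|config|crm|private|\.git|install", re.I)
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Constructed sample data, not captured from any real host.
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)",
                  "Content-Type": "text/html",
                  "X-Powered-By": "PHP/7.4.3"}
SAMPLE_404 = ("<html><body><h1>Not Found</h1><hr><address>Apache/2.4.41 "
              "(Ubuntu) Server at www.example.test Port 80</address></body></html>")
SAMPLE_ROBOTS = ("User-agent: *\nDisallow: /admin/\nDisallow: /images/\n"
                 "Disallow: /backup-2020/  # old\n")


def audit_headers(headers):
    """Return (header, value) pairs that reveal a product version."""
    return [(name, value) for name, value in headers.items()
            if name.lower() in DISCLOSING_HEADERS and VERSION_RE.search(value)]


def audit_error_body(body):
    """Return version banners visible in an error page body."""
    text = re.sub(r"<[^>]+>", " ", body)  # drop tags, keep visible text
    return [m.group(0) for m in VERSION_RE.finditer(text)]


def audit_robots(robots_txt):
    """Return Disallow paths that name sensitive areas instead of hiding them."""
    flagged = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()  # strip trailing comments
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and SENSITIVE_RE.search(value):
            flagged.append(value.strip())
    return flagged


if __name__ == "__main__":
    print("headers:", audit_headers(SAMPLE_HEADERS))
    print("error page:", audit_error_body(SAMPLE_404))
    print("robots.txt:", audit_robots(SAMPLE_ROBOTS))
```

On Apache, `ServerTokens Prod` and `ServerSignature Off` remove the version from the header and the default error page; paths flagged in robots.txt need access control, since listing them there only hides them from crawlers.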


CMS & Deeper Enumeration

  • Identifying the CMS:

    "CMS is the framework behind the site. You need to know which CMS is used to help you build the site faster."

  • Trying Other Tools:

    "The tool I used for finding pages wasn't good, so I looked for another one and found 'ffuf'."

  • Learning New Tools:

    "If you don't know a tool, go to its official page or manual and see how to use it."


Discovering a Vulnerable Subdomain

  • Finding a Subdomain:

    "I found a subdomain called 'crm' and a brand called 'Dolibarr'. I searched for what Dolibarr is."

  • Default Credentials:

    "I tried the default login information, and boom! It worked. They didn't change the default credentials."

  • Emphasized Warning:

    "This is a weakness. The admin should have changed these credentials."

  • Default credentials found online:

    "I searched Google and found it's 'admin:admin'."


Exploiting the Vulnerability

  • Looking for Exploits:

    "I searched for Dolibarr vulnerabilities in Metasploit and SearchSploit."

  • Checking CVE:

    "I found a CVE with a score of 8.8. That's a very high vulnerability. If you exploit it, you can control the whole server."

  • Learning from Others:

    "There are people who hacked it before me. I can learn from them and see what vulnerabilities worked for them."

  • Trying Exploit Scripts:

    "I found an exploit on GitHub. The README file explains how to use it."

  • Troubleshooting Again:

    "If the script doesn't work, you might have to fix it yourself. Most hackers give up at this point because it's tiring to fix someone else's code."

  • Manual Exploitation:

    "Since the script didn't work, I decided to exploit it manually. You have to really understand the vulnerability to do it by hand."


Gaining Admin Access

  • Configuring the CMS:

    "I tried to create a new page in the CMS. You have to configure it, enter specific information, and sometimes trick it into letting you create a page you control."

  • Key Takeaway:

    "Just finding the default credentials is a vulnerability by itself. You can stop there, that's already a big win."

  • For Advanced Learners:

    "The rest is just for those who want to go deeper. Creating a page and configuring it is more advanced and not necessary for beginners."


Final Thoughts & Encouragement

  • On Difficulty:

    "If you found this hard, that's normal. With time, it will become easy."

  • On Learning:

    "The best way to learn is to see examples, then explanations, then more examples."

  • On Persistence:

    "You'll always face new things. If you don't know something, search for it and learn."

  • On Progress:

    "If you found this easy, that means you're on the right track!"


Key Quotes & Takeaways

  • "Nothing is easy from the beginning."
  • "Step by step, it will become as easy as water."
  • "Most people just show you the final result. I want to show you how much work goes in before that."
  • "If you don't know a tool, go to its official page or manual and see how to use it."
  • "If you get errors, stop and ask yourself what's wrong. There's nothing wrong with searching for help."
  • "Just finding the default credentials is a vulnerability by itself. You can stop there, that's already a big win."
  • "You'll always face new things. If you don't know something, search for it and learn."

Summary Table of Key Steps

| Step | Tools/Concepts | Key Points |
|---|---|---|
| Info Gathering | Browser extensions, notes | Collect all possible data, organize findings |
| Tech & Vuln Scanning | SearchSploit, Google | Look for known vulnerabilities in used tech |
| Directory Enumeration | Dirb, ffuf, robots.txt | Find hidden pages, admin panels, sensitive files |
| CMS Identification | Manual checks, Google | Knowing the CMS helps in finding specific exploits |
| Subdomain Discovery | ffuf, manual search | Subdomains can have their own vulnerabilities |
| Exploitation | Metasploit, GitHub scripts | Try public exploits, fix scripts if needed, or exploit manually |
| Gaining Admin | Default creds, CMS config | Default credentials are a huge weakness; deeper exploitation is more advanced |

Final Encouragement

"With time and practice, you'll get better. Don't give up if you get stuck—search, learn, and keep going!" 🚀


Keywords:

  • Penetration Testing
  • Information Gathering
  • Vulnerability Scanning
  • Directory Enumeration
  • CMS Identification
  • Default Credentials
  • Manual Exploitation
  • Persistence in Learning

Remember:

  • Pause and replay as needed.
  • Take notes and organize your findings.
  • Search for help when stuck.
  • Practice makes perfect! 💪

If you want to go deeper, check out the creator's other videos for more advanced techniques.

Summary completed: 7/19/2025, 4:09:39 PM
