I totally missed getting access to Matthew and went straight to Miner using chisel and the miner exploit to get a shell. I couldn't figure out root, but I could have gotten points for user T_T. I should always remember to check the input first, like you said in this video. Nice, and thanks!
Hey ipp, I just wanted to say thank you so much for making these videos.
Hey Ipp, just a question. Around 40:00, when you were trying to priv esc by setting the SUID bit on the bash binary in /tmp, I think you copied the binary as the zoneminder user. Maybe that's the reason it did not escalate to root?
That and also because he ran "/tmp/bash -i" instead of "/tmp/bash -p"
1:06:48 we're still watching the video because we like you and you rule!
With HTB machines, you never see creds in environment variables; you'd think this would be a thing.
Analytics had creds in environment machines
@AUBCodeII thanks, I'll check it out.
Around min 38, when you were trying to priv esc, why did you move the bash file? And how does using it make you root? You didn't really explain that.
He copied the Bash binary to /tmp because usually you don't want to change the permissions of the actual binary, be it during a CTF or while doing a shared box, because other competitors may piggyback on your work and get root easily, or during a pentest, because you may forget to unset the permissions.
As for the second question, you can become root with Bash by running the command "bash -p". The option "-p" means to run Bash in privileged mode. However, this only works if:
1) The binary is owned by root. If it's owned by another user, say matthew, "bash -p" will start a shell as matthew. You can check who owns a file with the command "ls -lath".
2) The binary has the setuid bit set. If the binary doesn't have the setuid bit set, "bash -p" will start a shell as the same user that ran the command. You can set the setuid bit of a binary with the command "chmod u+s ".
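A defender-side check for the artefact this reply describes (a setuid copy of a shell left in a world-writable directory), written as an added example and not from the video or the thread; it assumes only POSIX `find` and a GNU or BSD `stat`:

```shell
#!/bin/sh
# Audit a directory tree for setuid executables, the trace that a
# "copy bash to /tmp, chmod u+s, bash -p" escalation leaves behind.
# Prints one line per hit: "<severity> <owner> <path>".  Severity is HIGH
# when the file is root-owned (bash -p would then hand out a root shell)
# and INFO otherwise, which is why the copy in the thread never worked.

find_setuid_files() {
    dir="$1"
    # -perm -4000: setuid bit set; -type f skips directories and symlinks;
    # -xdev keeps the scan on one filesystem (e.g. /tmp on its own mount).
    find "$dir" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        # GNU stat first, BSD/macOS stat as the fallback
        owner=$(stat -c '%U' "$f" 2>/dev/null || stat -f '%Su' "$f")
        if [ "$owner" = "root" ]; then sev=HIGH; else sev=INFO; fi
        printf '%s %s %s\n' "$sev" "$owner" "$f"
    done
}

# Count setuid files under DIR owned by OWNER; handy for a cron alert such as
# "fail if any root-owned setuid file appears under /tmp or /dev/shm".
count_setuid_owned_by() {
    find_setuid_files "$1" | awk -v o="$2" '$2 == o' | wc -l | tr -d ' '
}

# Scan the directory given as the first argument, defaulting to /tmp.
find_setuid_files "${1:-/tmp}"
```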
Great video! How many MH/s can you get on your kraken machine while cracking md5 hash?
How do I get better at privilege escalation?
By studying lots of walkthroughs and practicing on lots of boxes. I have a privesc checklist and I update it whenever I learn of a new privesc vector. I usually learn new privesc vectors on this channel.
With nmap you can just do -sCV and achieve the same effect as -sC -sV
I didn't need to use any CVE for the zoneminder user, I just exploited a misconfiguration in its web services.
SpongeIpp SecPants
no no it’s ippbob secpants how did you mess that up
@bread_girl_jane IppBob: an Ipp named Bob
SpongeIpp: a sponge named Ipp
You nailed it, dude.
I was waiting for a long time.
Ippsec sir, I was doing the usage.htb box but was unable to crack it within 1 hour. I watched every video, but why? How to strengthen penetration testing steps? Please reply sir.
HOW DO YOU EVEN PLAY HACK THE BOX
Yeah tell me too
Push!
use kali Just once just once please
😊
Great video ❤❤