The -p flag in bash is related to security. It is used to prevent the shell from reading user-controlled files.
If Bash is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.
When I first did this box, I used sftp within the box to upload the authorized_keys file and public key so that I could SSH in, lol, which in hindsight was such a roundabout way, lol, but you live and you learn. Thanks for the video!
What a coincidence, I just watched DynStr a few minutes ago, and now again 😀
@30:50 Also, if you have two panes split horizontally, copy and paste will by default take the text from the right-hand pane too. :-( So care is needed, as you say (Ctrl-B Z temporarily).
Thanks, Ippsec, for being an inspiration.
Thank you, I've been working on this for a week and you basically solved it in a few hours, so cool. I wish I'd be at the same level as you one day :)
You just didn't know how it worked normally.
@Ippsec The -p command stands for "Privileged"
How did you know that there was a command injection vulnerability in the URL? What was your thought process when you did that?
Saw the error say nsupdate, which is a binary
This came up in my recommended and I have no idea what I'm seeing or listening to.
By default, bash drops privilege to the user that executed it (bindmgr); with -p you're telling it not to drop privilege back to bindmgr and to stay as root.
Can anyone please tell me why he's saying at 23:28 that he's controlling h? He's not root, like he demonstrated in that PHP code.
How would someone on a hotel wifi do a reverse lookup for your domain and access port 22 of your firewall?
If I'm at the hotel, my laptop would update the DDNS host to point to the hotel. Anyone at the hotel would have the same edge IP, so they could connect to my house.
The way you pronounced Dyna DNS
Another awesome video! Which hotel are you going to be staying at in the near future? Just wondering :D
What if, instead of pointing the dynamic DNS towards our own IP address to log in through SSH, you had just edited the id_rsa and removed that rule? You also had read/write permissions on the file. Also, for getting root, you could have just put a reverse shell in the sudo executable.
@40:30 Or sign your own key and adjust HostCertificate in /etc/ssh/sshd_config so the ~/.ssh/authorized_keys isn't referenced...
Yeah, I don't generally do that when recording because I don't want to be in the habit of using my private key and accidentally leaking the private key in a Twitch stream when I'm explaining what's happening.
Hmm... ssh-add -l | wc -l could be an issue here.
thanks master