It's a Portuguese word, and your pronunciation is good.
Up
thank you so much! i just did my first walkthrough on a ctf with this video, and i learned so many skills just in one video! actually the hardest part was just at the very beginning when i tried to netdiscover...because my vm wasn't scanning anything on the network and i had to figure out how to make lampiao show up in my scan. after that, i was able to follow along with everything you did very well and get the flag. these are really so great for people just getting started and i hope you do more, especially level 1s!
"Lampião" is the name of a famous "cangaceiro" - a kind of outlaw from northwest - from Brazil. His real name is "Virgulino Ferreira da Silva"! By the way, "Lampião" - the word - means lamp, lantern ...
Yay another CTF !!!
You forgot list.txt in your grep attempt brother :D Greetings from Daily Linux Tips. Nice walkthrough!
Hackersploit, kernel hardening, lol. Much respect, keep up the great work (i just seen your reply yesterday, didn't mean to bring it up again, srry)
Amazing video. Well done Alexis!
Great video,happy coding and happy breaking bro...waiting for more videos
Just excellente Alexis, Great
Thank you Sir now i have a better understanding of how ctf's work
Thanks for sharing
Bedankt voor het delen
Merci pour le partage
Danke fürs Teilen
साझा करने के लिए धन्यवाद
Hindi translation doesn't make any sense grammatically.
But means thanks for summarising.
Awesome Video Bro...
I have gotten a lot of knowledge from your one video and we love you sir ♥️
Great Content
Very very coooool!!!!!! TY!!! 😎👍
Smashed the like
Thank you bro 💕,and please keep going with web application penetration testing and bug bounty
Thumbs up for using cewl
Thank you for this video. It was very interesting! Keep uploading other CTFs. More practice, less studies :p
14:20
Did he cat a cat 🤔? Kappa
Very nice video :)!
Super!!
Lampião is the name of a Brazilian figure from the beginning of the 20th century. He was a leader of a paramilitary group, considered a hero by some, a criminal by others, but definitely an important figure in Brazilian history.
This "pirate" is his image; this hat was a symbol of his movement, called "cangaço". The words above his image are a very regional way to say "son of a b*".
😁
Do you know anything about "Virgulina"? Does it mean anything? As far as I can tell, it appears in the first 4 words of tiago's blog post "Morte e Vida Virgulina" which seems to be a play on words from the name of a play "Morte e Vida Severina". I wonder what significance that has.
Edit: nvm, looks like Lampião's real name was Virgulino Ferreira da Silva, so I guess that explains it.
"Fi duma egua!" is Portuguese from Brazil, it means something like "Son of a horse" - literally - , it's an expression that could mean almost anything! It's difficult to find a relation with any terms in English!
Could be anything good or bad, depends on the context used!
This has probably been pointed out a few times by now, but 'Cat | grep' thiago was taking so long because you weren't using the cat command on anything, the syntax there would be, oh and you can grep files, no need for the cat in the first place
I think the exact syntax of using it would be probably $cat list.txt | grep "tiago"
Nice video m8
@HackerSploit. Thanks for your great work! One question: The kernel version is reported as 4.4.0-31-generic as per uname -a, but the exploit still worked even though it is for 2.6.22 < 3.9, not sure why...
Thanks a lot! One question, there is a Drupal Exploit in MSF...I couldn't make it work here, any idea why?:
thank you
What network adapter did you use to connect host pc and VM ??
4th... Best always...
It's the name 'lampiao' of a great bandit from Brazil...he was killed by police but in his life helped more and more people in Brazil...
It's like that "E corp" server hacking,,, i love this tutorial ❤❤
U r great
Oddly enough, when I use the external link to download the cpp file, I get 404 not found. I was able to download the 40839.c file, but not the one he's using. There's compile instructions in there as well, I just hope it works!
The link to the .cpp file 404's
Downloading the .c file instead leads to system crash when run
Original cpp can be found at github.com/gbonacini/CVE-2016-5195
Under clone or download right click download zip and copy link
Wget & paste link
Unzip
Follow compilation/run instructions shown at 21:27
MAKE MORE VIDEO ON CTF WALK THROUGH sir.... 👌👌
THANKS FROM ITALY
dude it's still showing the same port 80 page in 1898 too...any suggestion
hey there is no more c++ file in dirtycow2.. it's a c file.. and it's not working accordingly.. so can you suggest any solution??
"fiduma egua" means: Son of a mare
Bro how do you edit your vector thumbnails please make a video
So the password was a word from his blog post? How realistic is that?
Can you use Metasploit to do all of this?
You haven't specified the name of the file, i.e. list.txt, while using the grep command!
I was trying to hack the root password but nothing worked. I was able to run into GRUB mode through the ssh connection that I established. However, it booted regularly as the robot user. I know that I was not supposed to do that. I just wanted to completely hack it and gain full control over the VM.
Is it even possible with this VM? I'd be very grateful if someone shares their opinion on this matter.
Thank you in advance.
#HackerSploit Can you make a video on ... How to use DDNS in a payload ???
Can you make some videos on keyloggers
Great Video!!
I have an issue with wget.
wget: unable to resolve host address ‘www.exploit-db.com’
The link to dirty cow 2 has been modified, but not updated in linux exploit suggester.
www.exploit-db.com/raw/40847
Why bother with netdiscover when you know the IP of the target and no other machines need to be discovered? nmap is the right tool to begin in my experience.
it didn't cat out because you hadn't specified text file after cat
it should have been "cat list.txt | grep tiago"
Like HSploit . do a video how to hack httpS pls
I solved it using drupalgeddon exploit .....This box is fun and real easy 😂😂😂....
Any way to contact you bro.?
@@GoogleUser-uv5ci I'll explain here itself if u need
please explain
If u perform nmap u see Drupal 7.5 ..which is vulnerable to a remote code execution ...just google and get the ruby script from exploit-db and use it ...u get a shell as www-data from there the privesc is easy ....
@@GoogleUser-uv5ci u can hit me upon twitter @NerdSamad
That's not a pirate. His name is Lampiao and he's a famous Brazilian bandit.
Hey HackerSploit, I know this sounds silly and I'll admit it is but how can I get admin on a school computer? I have a Windows 10 at home and use python. I really don't know anything about hacking but I just want to get admin on a school computer. I'm a senior in high school and I know this is stupid but come on it could be so awesome if I could do that.
try googling for win10 exploits based on python.. it might help
Nice walkthrough and explanation of thought process. By the way, as an alternative, drupal_drupalgeddon2 exploit worked great to get a shell, then same process as you have described using dirtycow 2 for root.
50th
Try to speak slower and keep calm while speaking. Try to minimize the use of words like umm. Do not repeat one thing in different ways again and again. This makes it hard to concentrate. Write down all the points before recording the voice; this will make the product quality much better.