HackTheBox - Jail

00:52 - Recon - NMAP
04:05 - Recon - Getting Linux Distro
04:35 - Recon - GoBuster
05:40 - Analyzing Jail.c source
09:45 - Begin Binary Exploitation
15:10 - Verify Buffer Overflow
17:35 - Create Exploit Skeleton
20:50 - Finding EIP Overwrite
23:02 - Adding Reverse TCP Shellcode
30:15 - Switching to "Socket Re-Use" Shellcode
32:20 - Shell Returned
34:00 - NFSv3 Privesc Begin
40:15 - Begin incorrectly playing with SetUID
43:10 - SELinux Escape
45:25 - Using SELinux Escape to copy SSH Key
48:55 - Logging in as Frank
50:00 - Privesc to adm (sudo rvim)
51:44 - Begin finding a way to root
55:58 - Begin cracking rar file
57:18 - Using Hashcat to generate custom wordlist
60:40 - Cracking with JohnTheRipper
62:30 - RsaCtfTool to exploit weak SSH Pub Key
63:36 - Login as root with SSH Private Key
64:11 - EXTRA CONTENT: Alternative Privesc to ADM (NFS)
65:21 - Creating a directory to give other users NFS Write access
67:30 - Correct way to do SetUID Program
71:04 - Using SetUID Programs to write to disk



Reviewed by Anonymous on January 18, 2018. Rating: 5