Linux Hackers Become Root with CURL & Sudo



Comments

Appreciate the shout out John! This was a really interesting privesc. :D

Tibrius

Your first python3 web server is running as "user" which is why "user" needs access to /home/fry/.bash_history to successfully serve the file. There's no security exploit here. Hence why you needed to adjust the file permissions. I would expect users wouldn't run that server since it doesn't give them anything they don't already have.

Edit: The second python3 server running as fry is better since you smuggle in a file fry has access to into /root/ using curl as root. But ultimately you could have done the same by using curl as a fancy cp.
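The point in the comment above is that a sudo rule for curl is effectively a rule for "write any file as root", so the thing a defender wants to audit is the sudoers file itself. The following is an added example, not code from the video or from any commenter: a small Python audit that parses sudoers-style lines and flags rules letting a user run curl as root. The sudoers content is constructed for illustration and the file path in `main()` is an assumption.

```python
"""Audit sudoers rules for entries that let a user run curl as root.

Added example (not from the video or the comments). Parsing covers the
common "who host=(runas) TAGS: cmd, cmd" rule shape, not every sudoers
construct (aliases and Defaults lines are skipped).
"""
import re
import sys

# Constructed sample sudoers content; not taken from any real host.
SAMPLE_SUDOERS = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
fry     ALL=(root) NOPASSWD: /usr/bin/curl
leela   ALL=(ALL) /usr/bin/apt-get
bender  ALL=(root) NOPASSWD: /usr/bin/curl -s https://example.invalid/*
"""

# who  host = (runas) cmds   -- runas group is optional
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<cmds>.+)$"
)
# Tags that may prefix a command in the command list.
TAG_RE = re.compile(
    r"^(?:NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV|"
    r"LOG_INPUT|NOLOG_INPUT|LOG_OUTPUT|NOLOG_OUTPUT):\s*",
    re.IGNORECASE,
)
SKIP_PREFIXES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


def parse_sudoers(text):
    """Return a list of {'who', 'runas', 'cmds'} dicts, one per rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        # "(user:group)" -> user; an absent runas list means root.
        runas = (m.group("runas") or "root").split(":")[0].strip() or "root"
        cmds = []
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            while True:  # strip any stacked tags such as "NOPASSWD: NOEXEC:"
                stripped = TAG_RE.sub("", cmd, count=1)
                if stripped == cmd:
                    break
                cmd = stripped
            cmds.append(cmd)
        rules.append({"who": m.group("who"), "runas": runas, "cmds": cmds})
    return rules


def find_curl_as_root(rules):
    """Return (who, command) pairs where curl may run as root via sudo."""
    findings = []
    for rule in rules:
        if rule["runas"] not in ("root", "ALL"):
            continue
        for cmd in rule["cmds"]:
            binary = cmd.split()[0]
            if binary == "ALL":
                continue  # unrestricted sudo already; curl adds nothing new
            if binary.rsplit("/", 1)[-1] == "curl":
                # Argument-restricted rules are flagged too: a trailing '*'
                # in sudoers matches across word boundaries, so extra
                # arguments such as an output file can still be appended.
                findings.append((rule["who"], cmd))
    return findings


def main(path="/etc/sudoers"):  # path is an assumption; pass your own
    text = SAMPLE_SUDOERS if path == "-" else open(path).read()
    for who, cmd in find_curl_as_root(parse_sudoers(text)):
        print(f"curl runnable as root by {who}: {cmd}")


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "-")
```

Run with `-` to audit the embedded sample, or pass a sudoers file (or the output of `sudo -l` reshaped into rule lines) to audit a real host. Both the bare `/usr/bin/curl` rule and the URL-restricted one are reported, for the reason in the code comment.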

TheMAZZTer

You could also rewrite the /etc/shadow file, edit the uid of a user you have in /etc/passwd…

almog

Man, I love your videos :)
Keep up the good work :)

aalbatrossguy

Hey John, is there any way to reach out to you about setting up vulnerable servers?

liveting

6:00 Doesn't the Python server read the file and serve it? How can curl having the sudo perms make Python able to serve a forbidden file?🤔

DHIRAL

Wait a min. I didn't get that: when we access that file via curl, it's requesting that file from the Python server, and Python doesn't have perms to read that file. How the hell did curl's suid perms allow that?

ChillstreamCentral

Always great videos. Thanks John!

Edit: I often make the same mistake when doing links 😂.

ToyeTuning

That was neat. The only downside is that this way, if the authorized_keys file does exist, you'll be overwriting it, so the original user wouldn't be able to access it anymore using their key.
Also, root SSH access could have been disabled for safety reasons.

gabrielex

3:10 lmao I am watching at 23 pm and I got flashbanged

algorithmblessedboy

Hi. Just a quick question. If you had access to write, is there a possibility to overwrite the /etc/shadow file with a new hashed password that you actually know for the root account?

mihaiciocan

If you fixed up the perms, then this wouldn't work, because the HTTP server would need to run as fry or root to read any of fry's files.
Could've just "cat /home/fry/.bash_history" at this point instead to save time.

Whothefuckareyoutojudge

John, what do you think of TCM Security training?

NANa-nzpz

How to access one system to another system?

luis-rvjj

Great stuff. I now have more CTF problems than I have time. LMAO 😅

xCheddarBbx

Someone once told me the order of the params for ln is the same as for mv and cp, and I have never forgotten it since.

mv <old> <new>
cp <old> <new>
ln -s <old> <new>

RuggMatt

The first curl example does not make any sense. The web server that reads the symlink will do it as the same user that is running curl and the web server. Curl simply does nothing in that case; it's just that the permissions were set incorrectly.

definitelyno

Love your videos!! Thx!!
Is this Kali on bare metal or in a VM?

sluuny

Privilege escalation, in MY sudo? It's more likely than you think.

petermoras

If he's already running commands as fry and using sudo, then where the heck is the privilege escalation?

thespecialchannel