Weird PrivEsc Techniques | DarkCon 2021 Talk | #OSCP

preview_player
Показать описание
A short talk I gave at DarkCon 2021 regarding 4 "weird" privilege escalation techniques, complete with explanations and demos.

1:10 - Bash Globbing (Cron Job Wildcards)
7:46 - Writable /etc/passwd
12:16 - Unquoted Service Path
17:57 - Windows GUI

  1. Tib3rius
Рекомендации по теме
Weird PrivEsc Techniques 0:21:17

Weird PrivEsc Techniques | DarkCon 2021 Talk | #OSCP

Day 2 DarkCON 1:46:37

Day 2 DarkCON

this is for 0:00:09

this is for Darkcon

Top 5 Methods 0:15:32

Top 5 Methods for Priv Esc in Windows | Local Priv Esc

1.TryHackMe - 0:04:37

1.TryHackMe - Linux PrivEsc

The Complete Linux 0:01:51

The Complete Linux Privilege Escalation Course 2022 - OSCP

#HITB2021AMS D2T1 - 0:59:51

#HITB2021AMS D2T1 - The Rise Of Potatoes: Priv. Esc. In Windows Services - A. Pierini & A. Cocom...

THM: Relevant 1:22:00

THM: Relevant

Beginner's Guide to 0:33:28

Beginner's Guide to GTFO-Bins Linux privilege escalation

Advanced Linux Privilege 0:01:41

Advanced Linux Privilege Escalation: CAP_SYS_PTRACE

Interview With Tib3rius 0:33:16

Interview With Tib3rius | SecTalks Episode 1

The Complete Windows 0:41:23

The Complete Windows Privilege Escalation Guide | TryHackMe Windows Privesc

Linux Privilege Escalation 0:03:40

Linux Privilege Escalation - Kernel Exploits

TryHackMe #181 Windows 1:05:41

TryHackMe #181 Windows PrivEsc

TryHackMe #345 Linux 1:26:09

TryHackMe #345 Linux PrivEsc

Windows Privilege Escalation 0:18:13

Windows Privilege Escalation | Impacket Script

Bear Security - 0:06:51

Bear Security - Privilege Escalation in Linux, Security Firm COO Arrested (Week of June 19, 2021)

Windows Privilege Escalation 1:15:00

Windows Privilege Escalation Compiled Crash Course

CVE-2023-24769 - Changedetection.io 0:01:20

CVE-2023-24769 - Changedetection.io Stored XSS #cve #infosec #hacking #security

One Secret to 0:08:26

One Secret to Almost Guarantee Success At Anything - OSCP Advice

Interview With A 1:02:17

Interview With A Pentester - Tib3rius

TryHackMe Baron Samedit 0:14:48

TryHackMe Baron Samedit Official Walkthrough

OSCP: Are you 0:27:03

OSCP: Are you ready to try harder?

Network Pentesting - 0:12:10

Network Pentesting - 22 Dumping Password Hashes

Комментарии
Автор

The wildcard priv esc one was very cool. It was featured in the THM room Skynet if I'm not mistaken. Great video Tib3rius.

dropcake
Автор

Woahhhh I’ve never seen the last windows privesc before! Suuuper coool. Never found it applied to a ctf box before but someone definitely should! This is like a gem this makes me so excited

younesmohssen
Автор

When i jump into window as a linux user i couldn't even do anything because window is a noun variable

jprince
Автор

Hi there, great video! I have a question to the windows part: Who did you Setup the app to run as admin by running the shortcut to mspaint. The only way I found was to replace the shortcut command to: runas /savecred /user:.\admin mspaint
Then run it first time and provide password. After that creds are saved.
Any other way? How did you do that?

haitham
Автор

thanks for the talk and your other content \o/

JuanBotes
Автор

I don't think you can ever encounter writable passwd files 🤔

jag
Автор

I have a question regarding unquoted service paths execution. If the path was c:\Program Files\Some Directory Like This\Program.exe. How would the flow of execution be when it comes to c:\Program Files\Some Directory Like This?

psychorockz