There's a problem: the final part compiling the kernel exploit isn't really the full intended path. You're supposed to get errors compiling as some programs like `cc1` which are necessary for compiling the exploit are not on the machine. You're supposed to have to manually install `cc1`, its package build-essential and dependencies to be able to even compile the exploit. Seeing as you were able to just compile, most likely someone already did the hard work of installing the packages for you. This was confirmed by talking to the creator of the box.
The original submission was supposed to do that, however it was removed before the box went live because it introduced a lot of annoying problems and didn't really teach anything. - Boxes don't have internet (you could install locally - If people just upload the deb files to install, it ruins it for other people Doing those steps is fine, but generally when you need to do that level of customization to your host machine or work around the annoying no internet issue. We consider it to be Hard and couldn't justify upgrading the difficulty of the machine to hard because the foothold was on the easier side of medium.
The LFI was a File_Get_Contents() not include(), which means it won't execute code between PHP Tags. Additionally, on most modern systems, apache cannot read the access log anymore.
I just smiled seeing the notification from UA-cam and my wife asked: “ten ten ten?” 😅
🤣
That’ll change soon and it’ll be 10.10.11. - it’ll be a hard habit to break
@@ippsec she saw the comment now. Response: “why is it changing?” 😅😅😅
😂
His voice is actually unique. Easy for 🧠 to fingerprint
Please keep explaining things the way you do
Your each video is very awesome, i have fixed 1 hour for your video. It's my daily routeen.
i always love how you made everything looks x100 times easier , thank you
Great walkthrough. I only got to the LFI, but i knew i should hit the apache configs, but just couldnt hit them right. Keep up the great work, Ipp.
I learn so much from watching your vids. Thank you!
Thanks IppSec! Would love to see more container exploitation videos.
That port 9001 is really unique, when someone say that number I instantly hear IppSec’s voice in my head xD
Thanks
Wonderful Explanation 👍👍👍👍
Love your videos!
Loved this video
7:06 for a moment there, I thought you were rich.
MARVELLOUS!!BLESS YOU
loveit!
I don't think the aggressive scan in wpscan works without an API key. I had the same issue. Works fine with a key.
First :) keep up the good work bro
"This one is medium"
There's a problem: the final part compiling the kernel exploit isn't really the full intended path. You're supposed to get errors compiling as some programs like `cc1` which are necessary for compiling the exploit are not on the machine. You're supposed to have to manually install `cc1`, its package build-essential and dependencies to be able to even compile the exploit. Seeing as you were able to just compile, most likely someone already did the hard work of installing the packages for you. This was confirmed by talking to the creator of the box.
The original submission was supposed to do that, however it was removed before the box went live because it introduced a lot of annoying problems and didn't really teach anything.
- Boxes don't have internet (you could install locally
- If people just upload the deb files to install, it ruins it for other people
Doing those steps is fine, but generally when you need to do that level of customization to your host machine or work around the annoying no internet issue. We consider it to be Hard and couldn't justify upgrading the difficulty of the machine to hard because the foothold was on the easier side of medium.
Hi could you just not read the Apache access log and wrote php exec in the user agent, I think this would give you immediately the RCE.
The LFI was a File_Get_Contents() not include(), which means it won't execute code between PHP Tags. Additionally, on most modern systems, apache cannot read the access log anymore.
Create a discord server for doubts and any other things to help each other.
Thank you
hello ippsec!
what is your discord mate? I would like to talk to you about something. Thanks
Someone should turn
python3 -c 'import pty;pty.spawn("/bin/bash")'
ctrl-z
stty raw -echo
fg
[ENTER] [ENTER]
Into a song