Another great video! I love how you show the different tools you can use, not just one. I also never knew about Revshells and GTFOBins.
thanks mate! glad it was helpful 🥰
Great video, really helpful. Actually found the explanation at the end around escalation in VI to root way more useful than the HTB guide. Great work CryptoCat! 😄
Thank you mate! 😊
Another great video! I was actually able to get pretty far into the challenge on this one before needing to look up a walkthrough, I think I'm starting to grasp things a bit better! 😂
A major part of that is due to your videos and how you explain the concepts/scenarios - thanks so much!!
Thanks mate! 👊
Impossible to follow your video, all the commands you executed are in the red line of YouTube, and every time I stop the video the red line appears. The only way to look at your commands is to put the speed of the video at 0.25 to make the red line disappear. Would massively help if you put your terminal 1 finger above the red line. The red line is the line where we manipulate the time frame of the video
I see what you mean, thanks for the feedback!
great video, luv ur voice and the way of ur explanation keep up the good work learned a lot from u ❤
Awww thanks mate 💜
Concise and good.
🥰🥰🥰
Can someone help me please? When upgrading the shell to netcat, importing pty, then CTRL Z, when I type "stty raw -echo", then "fg", then after I type "export TERM=xterm" I can't press enter, instead it types ^M. This doesn't happen when I'm using the linux terminal, just when trying to get a fully interactive shell.
hey, check this: security.stackexchange.com/a/251327
Thank you it worked
@@balinttaborszki3137 awesome! 🙂
Great vid and very educational! Tysm! Btw you are too fast at some points I had to watch it on .5x speed to see the commands :D
And a quick question; my sqlmap reverse shell keeps dying with error connection timed out... I couldn't get to postgres password. anything I can do about it?
thank you 🥰 haha i've tried to cut/speed up parts where possible to compact it as much as possible. in the past i had people saying they watch on double speed 😆 i recommend upgrading the shell from sqlmap to standard netcat like 12:57 😉
@@_CryptoCat sir, have upgraded shell from sqlmap to standard netcat shell, still the shell is dying after 3-4 minutes, please help
@@satyambhat3540 Are you using the same reverse shell as I used in this video? The mkfifo one generally seems pretty reliable. Something I used to do when I had problems with shells disconnecting would be to spawn a reverse shell, then immediately spawn another from there e.g. first on port 1337, second on port 1338 (started from the 1337 shell). That often worked for me although I've not needed to do it in a long time.
@@_CryptoCat yes I am using the same shell, and I suppose the problem is arising due to connectivity issues. So I will get back to you after trying the procedure with a stable connection.. Thanks for the quick response btw
@@_CryptoCat Hi I'm having the same issue i keep getting timed out, first time ive had this problem. So to understand better since im new , in this scenario you describe. You would spawn the mkfifo shell(1337) , then within the nc shell, spawn another shell but on port 1338 ?
"unable to prompt for an interactive operating system shell via the back-end DBMS because stacked queries SQL injection is not supported" every time i try to run --os-shell i even tried with flush command in sqlmap
Hmmmm I was going to suggest the same, flushing the session: vict0rle.medium.com/box-3-htb-vaccine-393b2484e018
Bro ur videos are super helpful
Thank you mate! ☺
Thank you very much, I like how well you explain it.
awesome! thanks mate 🥰
I got up to SQL map no problems, but then lost it, PWNBOX was not playing ball, but the moment I switched to my own Kali VM, sqlmap was fine.
Sqlmap was where I jumped in for help, not experienced with it. Also I tried to use John the ripper to get the hash, no joy. Anything special needed for that?
Thanks a lot, small steps but they are going forwards and a lot of thanks to you for the help 👍🏻👍🏻👍🏻
np mate, glad to hear it! john should work ok as well but you might have to specify the format e.g.
john --wordlist=/usr/share/wordlists/rockyou.txt hash --format=Raw-MD5
(where "hash" is a file containing the MD5 hash)
@@_CryptoCat ah could be it. Also, any idea as to why the pwnbox seems to behave differently from time to time? Just the difference between parrot and kali/ software versions or something? Seems strange the --os-shell wouldn't work at all from SQL map on there but first time no problems on Kali...
@@kylejf9059 honest i have never used pwnbox so couldn't say xD
@@_CryptoCat fair enough, I try to alternate a bit and get the use of them sometimes. Thanks for your time to reply 🙂🤝🏻
12:39 [CRITICAL] unable to prompt for an interactive operating system shell via the back-end DBMS because stacked queries SQL injection is not supported
Maybe similar to github.com/sqlmapproject/sqlmap/issues/2024#issuecomment-232743904
You push enter way too fast and when you try to pause and read the code everything is hidden by the play button
Heard this a couple of times, will try to slow down 😅
dope video!
tyty 💜
Hi! after doing stty raw -echo; fg; for the cmd export TERM=xterm whenever I press enter "^M" this shows up and I cannot ctrl+c or anything on it, eventually have to exit that terminal and open a new connection back to it, the same happened with oopsie too. I used different payload so I thought that was the problem but here I copied the same and I'm still stuck there
Hmmm try without the "export TERM=xterm" bit, you might be using something else
do you have any tutorial about burpsuite? thanks
ua-cam.com/video/24dUQ1LvopE/v-deo.html
Why is my sqlmap different from yours? I followed the instructions in your video.
“[CRITICAL] unable to prompt for an interactive operating system shell via the back-end DBMS because stacked queries SQL injection is not supported”
Hey, this write-up suggests to try the --flush-session command when you get that error: vict0rle.medium.com/box-3-htb-vaccine-393b2484e018
The problem is solved, I didn’t add a cookie so I didn’t get the shell, it’s cool😎
@@Sun_Q Awesome 👏
I cant seem to --os-shell no matter what i try i get --os-shell command not found
Really not sure on that one, can't find any similar errors for this online. Double check it's exactly the same as the video, maybe also see if SQLMap is out of date 🤷‍♂️
don't worry bout it managed to find the mistake turns out SQLMap was buggin or smth i just reinstalled it @@_CryptoCat
Hello Jonah, I followed exactly your methodology but after I try to run the "export TERM=xterm" command I'm not able to get a reliable shell.
The process terminates itself automatically.
Could you please help me with the same I tried my best to resolve it but couldn't figure it out.
Maybe we could connect somewhere and you could help me figure out.
Thanks in advance!
It's okay I figured it out
I was using zsh all this while
Another issue now.
rip me
Now after running the stty raw -echo
The terminal stops working and I am unable to execute any further commands🥲🥲🥲
There's a few different techniques if that doesn't work for you: blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
@@nazeefkhan517 Thanks Bro I was stuck on this scratching my head for awhile . Once I switched to bash I was able to have a stable shell that I could background and foreground to input "export TERM=xterm"
same problem when using zsh too
Kali vs parrot, which is better? I'm thinking about trying parrot.
Both great operating systems, I think kali is more popular but I've gotten used to parrot now. Tools are mostly the same and anything missing can be easily installed. The parrot devs did point out some benefits over kali in a HackTheBox livestream I watched but I can't remember them.. I'm sure kali devs would argue there's some benefits over parrot as well lol. Try it out for sure though!
@@_CryptoCat thanks mate! learned a lot from your channel
Thank you bro!
The GTFOBins VI tricks do not work for me.. I tried it many times with a machine reset..
Do you have an idea?
I can't really remember the box tbh. I would suggest first check the official PDF walkthrough and see if it uses a different approach. Check the HTB discord if you don't get it, there's loads of helpful peepz in there providing support 😊
I'm maybe a little bit too late but I was in the same situation, then I realized I was not running vi with sudo... I'm so dumb
Hey crypto at
First of all thank you for the video! Quite helpful one
However I am stuck in this lab as I do not manage to get a shell with sqlmap.
[CRITICAL] unable to prompt for an interactive operating system shell via the back-end DBMS because stacked queries SQL injection is not supported
Any idea of how else I could try ?
Cheers
Thank you 🥰 Check this out and see if it works for you:
"If this has not been working for you, then just shows error message: "unable to prompt for an interactive operating system shell via the back-end DBMS because stacked queries SQL injection is not supported". Let’s try the command below to flush any previous session information for the current target:
sqlmap -u '10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=3bunoafekqn7uoob66h4rbn57a" --flush-session
After that, please try --os-shell again"
source: vict0rle.medium.com/box-3-htb-vaccine-393b2484e018
It actually worked!
I did expect some cached information to be the culprit and tried to reset the machine (different IP afterwards) and also using the flag --fresh-queries but it didn't work
Not sure why it works with --flush-session :p
Thank you sir 🙏
@@GintokiNoBaka Awesome! 🥰
Idk why but the connection to the webpage is getting bad every time i try to osshell could u help me
Do you need to use the webpage at the same time as osshell?
@@_CryptoCat ill check later but this machine is sooo laggy idk why i am sitting on it since 2 days today is the 3rd with multiple tutorial
great job, take your like
why thank you! 🙏🥰
wish you explained the last bit with the vi editor, do you press enter after you set shell? what did you do for it to disappear and seemingly do something before you entered :shell
Sorry yes, hit ":" to go into the vim commands, 'esc' to escape from that command mode and 'return' to run the commands
when i try to edit the file with vim editor and save changes then it doesn't work with me i didn't get the root permission i don't know why!!!!
update : it works now i was just saving the changes instead of running the file with :shell but thanks a lot dude, any advice for me plzz to be more accurate , another thing do i have to learn from hackthebox academy to keep pwning machines on HTB Lab ?
@@mohamedreddad2684 Awesome, glad you got it working! You don't have to continue with HTB academy. In fact, I think getting stuck in and hacking boxes/challenges is the best way to learn! That said, if you find yourself constantly unable to solve boxes/challenges, it's a sign you need to do some more background learning and then HTB academy is very useful (although you can find all the same info for free online)!
@@_CryptoCat im really thankful to you for this bunch of info brother , another thing i wanna know if i keep pwning boxes am i able then to pass the oscp exam or eJPT ? and if i got one of them can i find a remote job?, can you help me with your experience or just advise me and thanks so much
@@mohamedreddad2684 Definitely mate! HackTheBox is great practice for these certifications and OSCP is very well respected, required/desired by many employers. eJPT not so much, but it can be a good stepping stone 🙂
@@_CryptoCat thanks a bunch dude i really appreciate it from you❤️ , what about starting with PNPT as well? is it a good idea or im gonna just lose time & money ?
why so fast man!!! you are doin' everything very fast ...plz do it slow ..im beginner ..it takes some time to understand these new things ..
at 13.00-15.00 i really didn't understand anything.. :(
sorry about that, it's difficult getting the right balance for the videos because everyone is at a different level. did you watch the preceding videos? typically i will explain something more the first time it's covered. if you have any specific questions i'll try to answer 🙂
@@_CryptoCat It is ok sir !! I appreciate Your efforts🤍👍🏻
I agree on your videos i have to play the same part 3 times sometimes :D so you could do it just a little slower , although i like your videos very much and they are helpful a lot ( i think the most distracting thing is your whole blue theme but ig thats ur image so :) ! @@_CryptoCat
nc doesnt like me :(
No connection? Has it worked before? If not, double check IP/port (LHOST from tun0 probably) and connection to VPN. If it usually works, try reset box/swap VPN server 🙂
@@_CryptoCat there is a connection. Some websites dont work while I am trying to pwnd some machines. VPN works fine but I will try swap it. Cheers mate
when i click on enter i get ^M ? in stty ?
hey, check this: security.stackexchange.com/a/251327
You are a life saver ! I spent the whole day looking for the problem, i even deleted my VM, thanks a lot
@@anonymousvevo8697 awww np bud! 💜
Is there anyway to contact you ?!
@@anonymousvevo8697
↢Social Media↣
Twitter: twitter.com/_CryptoCat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: www.linkedin.com/in/cryptocat
Reddit: www.reddit.com/user/_CryptoCat23
UA-cam: ua-cam.com/users/CryptoCat23
Twitch: www.twitch.tv/cryptocat23
the set shell=/bin/sh doesn't work
Make sure not to copy and paste the commands e.g. first enter ':', then type 'set shell=/bin/sh', then ':shell'
@@_CryptoCat I'm having the same issue. It doesn't run it, it accepts as a text instead a command. after I typed ':set shell=/bin/sh' it doesn't give me the option to put the next command "shell"
@@na0 You are entering a ":" before each command right? ":set shell=/bin/sh" RETURN, then ":shell" RETURN?
export TERM=xterm^M
???
Not too sure on the question, are you asking what this does or having problems with the command? It just sets the terminal emulator when we are upgrading our reverse shell (in this case to xterm but you could use something else)
@@_CryptoCat i will try. My English is not good.
@@morten-wangen Are you using kali? Maybe similar issue: security.stackexchange.com/a/251327
I had the same issue, it was because i was using zsh shell and not bash, you can run: exec bash --login to temporarily switch to bash shell.
@@_CryptoCat yep that's it, I figured it out, but thanks :)
I like ur british accent
Diolch
Had to look that one up! Thanks 🙏🥰
Do you happen to have a good video on how to properly set up burpsuite? Because it doesn't forward the sites automatically if I have interceptor on.
I have *a* video: ua-cam.com/video/24dUQ1LvopE/v-deo.html
I won't say "good" because it's not up to my current standard but it does cover a lot of the basics.
As for your specific question.. It might just be a case of turning the "intercept" option off in the proxy tab? Then you can go into the HTTP history and view the requests.
First, you need to make sure firefox is setup to use a proxy.. I recommend the foxyproxy extension for this. That's covered in the video anyway IIRC 🙂🙂
@CryptoCat I did use foxyproxy. I just couldn't get Firefox to forward to other sites when I turned it off. It hangs like it wants permission from burpsuite or something.
@@lKILLA In burp, you need to go to the intercept/proxy tab and turn intercept off. Sounds like it might be waiting for you to action the request, i.e. modify, forward, drop. I still run into this on a regular basis, wish it was off by default 🙃