SQLi, SSTI & Docker Escapes / Mounted Folders - HackTheBox University CTF "GoodGame"

Рет қаралды 74,863

2 жыл бұрын

Join HackTheBox and start rooting boxes! j-h.io/hackthebox
Find some tips and tricks on their blog! j-h.io/htb-blog
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)

Пікірлер: 107

@znation4434 2 жыл бұрын

John: *Literally shows the first docker escape I've ever seen* Also John: "Wow I'm a dumbo"

@chillmechanic11 3 ай бұрын

When you didn't see the output for 22 port, it was because of your command. You did '> /dev/null' which made the succesful results go to null. What was needed is this: '2> /dev/null'

@relix12 2 жыл бұрын

Even though I can understand each step taken individually I wouldn't be able to string them together with my current skillset, but I did find solace in the fact that I had previously ran into and solved the bash -p hick-up. (*Insert Leonardo pointing meme here* The bash -p issue I ran across previously!)

@HundleBundle47 2 жыл бұрын

"We're root supposedly....but we're supposed to be user. Did we skip that?!" John out here too good for these level 1 boxes haha

@Logan_144 2 жыл бұрын

yo btw Thought I would just say, I recently found your channel and with every video I watch I learn something new, interesting, or another way of doing something I never even thought of! I love your content and I am pretty sure I will be a consistent viewer from now on. Keep up the great work John! :D

@sannyboi7298 2 жыл бұрын

Awesome video. Love your energy, your passion comes through and it’s contagious.

@neiltropolis 2 жыл бұрын

Love watching you work John! Thank you.

@zacharycook8179 2 жыл бұрын

just wow man.. watching you do this is so satisfying. So inspiring. WE. WANT. MORE!!!!!!!!

@debarghyamaitra 2 жыл бұрын

man the privesc was insane!! I didn't know that technique. Thanks John,

@chillytheprogrammer 2 жыл бұрын

I can’t believe how it only has one star of difficulty. I could never get that far

@somebodystealsmyname 2 жыл бұрын

I would say it was slightly below OSCP level. But all technikes used you should learn for it.

@gnorbsl4194 2 жыл бұрын

I'm sure there was a moment in his life where he was like you. No one becomes an expert over night, just keep learning and one day one stars might be too boring for you.

@DerMichael 2 жыл бұрын

I think I would have to spend an hour on each step that took him 5 minutes. Always thinking about what I have and what I need and then searching for ways to exploit stuff, probably using trial and error many times.

@neiltropolis 2 жыл бұрын

Respect to your honesty. I've had a difficult time too.

@younesmohssen8158 2 жыл бұрын

@@somebodystealsmyname oof! This is a bit ‘below’ oscp level? Actually? I signed up for 60 days and I’ll be doing my oscp in about a month and couldn’t get a crack at this machine. So I’m even more worried now lolol

@DHIRAL2908 2 жыл бұрын

32:43 You can use SH instead. It won't require any other libraries and would work with SUID!

@roguishowl3915 2 жыл бұрын

Just started CTF and i love the challenges, my work is mind numbing, so these challenges are a great way to spend the remained of my work day.

@charlesmarseille123 Жыл бұрын

this is gold, thanks a lot John!

@comradedad 2 жыл бұрын

You are a master at your craft. Awesome video.

@epicmotivevideo 2 жыл бұрын

Easy? How on earth .... I'd never get this as a noob. So much to learn ...

@r34w0lf 2 жыл бұрын

that was a cool privesc. learn't alot from this video. thanks!

@playmaker1011 2 жыл бұрын

Just a big thanks, u r the MAN✊🏻

@patik237 2 жыл бұрын

Wow I loved the video. Thanks

@danielstewart9584 2 жыл бұрын

Brilliant video, thanks

@R3APERSW4G 2 жыл бұрын

mounted file systems are dangerous, that was fun to watch!

@HAGSLAB 2 жыл бұрын

I've been watching all your recent content and it's great as well, but I must say, after watching this video, that I really miss these CTF box videos 😊 Just my personal opinion though, make the content you feel like making at all times, it makes it better that way.

@jacobfinder7476 2 жыл бұрын

John is Amazing... Outstanding

@TurtlesWrath 2 жыл бұрын

4:30 "People are all excited about Battlefield" That didn't age well...

@_JohnHammond 2 жыл бұрын

I rewatched this video before uploading it (granted this was recorded ~4 months ago) and I thought it was hilarious I tried to make a contemporary joke. xD

@Donder1337 2 жыл бұрын

Dude this is insane man, never though it would be this easy.......

@berthold9582 5 ай бұрын

Thanks John this machine is great

@mychanel9944 2 жыл бұрын

In case anyone is interested if you want to a fast check, beside a script in python to test a post with different values after js, if you are using Firefox, you right click on the post request, in the context menu there is an edit and resend command.

@lupenn5914 2 жыл бұрын

edit and resend on firefox is the most underrated feature

@valk9789 2 жыл бұрын

T-shirts you wear are so cool😎 to see!

@bammer800 Жыл бұрын

That was awesome to watch

@carminesans90 2 жыл бұрын

Amazing video. Please make videos like this one, it is so much entertainment

@kaitlynk2145 2 жыл бұрын

Would love a video of you setting up Ubuntu from scratch with how you install and what tools you install at the start

@reddinghiphop1 8 ай бұрын

Fantastic

@ikhmalfahmi9308 2 жыл бұрын

Yayyyyy back to CTF

@hakkimhazel7026 2 жыл бұрын

that was awsome video cool man i learn alot i didnt now before awsome man

@clarksoft 2 жыл бұрын

Love you, "sudo john"..

@Raser1995 2 жыл бұрын

I wish I had so mush fun do it. I think I understand mostly what were you doing, but I never be able to do it by myself and come up with all that stuff. =)

@Mandelord 2 жыл бұрын

My CRAZY mentor 🤣🤣😸😸

@rapid.reels0 2 жыл бұрын

John : Uploads a 30 mins video Me : "where tf are my snacks !?"

@hexstaticloonatic4194 2 жыл бұрын

Hey John, first of all great channel, love the content. Currently starting to learn about programming and am interested in white hat hacking side of things as well, thanks to you 👊 any resources you'd reccomend to get into the subject beyond hackthebox? Good luck with the channel anyway, cheers!

@user-mi3ih8ii5t 2 жыл бұрын

Great video. I understood everything except some of the subprocess ssti. What does setting stdout to -1 do? Cant seem to find documentation on that

@SF-eg3fq 2 жыл бұрын

probably the coolest guy in cyber security

@michealstammers3932 Ай бұрын

Im to htb, but that was cool to go through that.

@wantyapps 2 жыл бұрын

that privilege escalation was super cool!

@tolkienfan1972 2 жыл бұрын

You could have used "enumerate" to quickly identify the index of Popen

@jpierce2l33t 2 жыл бұрын

Wish HTB had more free content for those of us looking for a job 😞

@Infernottt 2 жыл бұрын

Super interesting way to get to root

@guilherme5094 2 жыл бұрын

👍!

@vishvalorant Жыл бұрын

GOD

@Jamie-Flight 2 жыл бұрын

John please please please do some more King Of The Hill video’s!!!! There’s not enough KOTH content on youtube and after all….. you are the KING

@sankalanagunawardhana9070 2 жыл бұрын

the outro is naiz

@thewokeone9859 2 жыл бұрын

ok n00b question. around @6:49 are you executing that python script from sublime text and then viewing the results in another tab?? if so, how so? thanks for this vid and you have a new subscriber....this makes me realize that I still have A LOT to learn.🙏🏼

@savipats Жыл бұрын

When you go to "Tools -> Build" you can see that it's possible to build your script with Ctrl+B. You might have to set it up first and make sure you use the correct interpreter, have the correct shebang line (#!/bin/python3 or w/e language u use) and have saved the script.

@berthold9582 5 ай бұрын

I would like to have the configuration of your terminal at this time.

@squ34ky 2 жыл бұрын

Did you remove the ransomware stream? I was hoping to go finish it later. 😢

@aaryanbhagat4852 2 жыл бұрын

This might be a naive question but I do not understand upon looking at an input which kind of injection to use, for example upon looking at the name feild how john went for template injection and not some other sql one?

@HAGSLAB 2 жыл бұрын

Experience and knowledge of the stack in use. There was multiple references to Python and Flask in headers and HTML. Knowing that, John used his experience (could also been researched on the spot) to realize that a server side template payload is a viable option at that point to get server side code execution.

@aaryanbhagat4852 2 жыл бұрын

@@HAGSLAB i think you misunderstood, I just had a basic doubt regarding the technologies in use, let me explain: When we saw the sign up form he tried sql injection which is fine but when he found the form to edit personal information, I thought that the backend will again be SQL but he went for templates. How can one find which input has templates in the background and which has SQL?

@HAGSLAB 2 жыл бұрын

@@aaryanbhagat4852 Well, it's both in this case. Backend database saves the field contents; `{{ 7*7 }}`, but then that template string gets rendered (executed) server side before sending the result to the client. So that's exactly what I mean when I say that he knows this from experience and knowledge of the underlying stack.

@aaryanbhagat4852 2 жыл бұрын

@@HAGSLAB I see.

@librasulus 2 жыл бұрын

And this is supposed to be easy? My head just blew up.

@tolkienfan1972 2 жыл бұрын

Python2 forever!!!

@zachtackett27 2 жыл бұрын

Love the video but keep in the troubleshooting parts. Provides insights into your train of thought for us pleebs

@mohamedsayed7363 2 жыл бұрын

john would you please , give us a road map to what you became at the moment , so i can add what is missing : and catch up

@booruledie3052 2 жыл бұрын

It’s definetely not easy.

@rodrigogarrido5772 2 ай бұрын

alguien me puede ayudar cuando gano acceso al contenedor docker a los segundos se me cierra la conexion ? a alguien le paso ?

@janettesaravia892 2 жыл бұрын

For starters in college to be a cybersecurity ethical hacker what laptop or computer is best that I should buy long term ?

@drivewayjunkie 2 жыл бұрын

any macbook pro imo.

@671Neuhof Жыл бұрын

Hp Zbook

@bhagyalakshmi1053 10 ай бұрын

How to trying (y/ n) testing .

@chowderz7554 2 жыл бұрын

Hammond why is your WiFi on my internet connections it keeps “connecting automatically”! Bro what you want from me??

@georgehammond867 2 жыл бұрын

that was fast..."Welcome Admin" ..inside 10min.

@ishanchoudhary4555 Жыл бұрын

I legitemately understood everything in the video, however why tf can't i do it like him

@STFUandFY 2 жыл бұрын

It has one star difficulty, becauset he password is only md5

@zachhockey 2 жыл бұрын

Did I miss something? How'd he know the password was 'superadministrator'? Surely not just a lucky first guess?

@HierImNorden Жыл бұрын

Five months later I was wondering the same thing... Turns out he got that from the database in the very beginning. I had already forgotten about that part after all the SSTI shenanigans. The user just happened to use the same password for both his Linux user account and the website account.

@hawk__ 2 жыл бұрын

New john is rather Blonde while Old one is Pale 😅

@AhmadAli-sd5mk 4 ай бұрын

We need the 2 min of troubleshooting 😅

@MygenteTV Жыл бұрын

Lol you just broke the VM and hacked in a different way... you have power

@jaspreetsingh4362 2 жыл бұрын

Where is golang video?

@cuttlefishn.w.2705 2 жыл бұрын

Nothing sold NordVPN to me like accidentally realizing that John uses it. I hope they pay you for unofficially sponsoring them.

@akvarium5 2 жыл бұрын

Тут есть русскоговорящие люди?

@javierhugo5412 2 жыл бұрын

Amazing video once again, but It’s quiet a mix up in my head when I Read about people grabbing multi-figures monthly as income in investments even in this crazy days in the market,any pointers on how to make substantial progress’s? Will be welcomed

@sandraken5250 2 жыл бұрын

Your right, in my honest opinion I think You have to have an idea on what you wanna invest in carefully before Investing in it

@olivefegan4607 2 жыл бұрын

@Javier You make it seem unreal to make up to that as a passive income annually,when it’s clearly possible. I made over 25thousand dollars from The starting of this year till now She’s a masterpiece and her name is Adira Stevens Rowe

@olivefegan4607 2 жыл бұрын

You can reach her thru her Tele gram page

@olivefegan4607 2 жыл бұрын

Tradewithadira is the name

@albertpitts417 2 жыл бұрын

My investment with Mrs Adira gave me profit of over $100k and ever since then she has never failed to deliver and I she’s the one who I invest with and feel safe

@JamesCollins90 2 жыл бұрын

"really easy"...... uhuh... go back to the username field and explain that ALLLLL again, and slow.

@euridicedeneuve8780 2 жыл бұрын

[Question] Hi I have a question : at 13', once you've modified the "/etc/hosts" file to add a match between the local machine address & internal-administration.goodgames.htb, why is there a different webpage that renders once you type internal-administration.goodgames.htb ? Since it resolves to the local machine address, I don't understand why we shouldn't see the goodgames home page from the beginning. I'm missing something.