1 00:00:02,480 --> 00:00:08,900 So in this video we are going to take advantage of the SUID binary systemctl. This systemctl 2 00:00:09,860 --> 00:00:17,150 is part of systemd, and it is the one that starts services as the root user. 3 00:00:17,420 --> 00:00:23,630 Generally it runs as the root user, and that is why a normal user does not have permission to execute 4 00:00:23,650 --> 00:00:23,790 it. 5 00:00:24,440 --> 00:00:34,340 So in this tutorial I have set the SUID bit on systemctl, so that we can execute systemctl 6 00:00:34,670 --> 00:00:35,980 as the root user. 7 00:00:36,950 --> 00:00:39,500 So how do we find the SUID binaries? 8 00:00:39,680 --> 00:00:42,930 That is, the binaries with the set-user-ID bit on. 9 00:00:43,580 --> 00:00:51,150 So what we want to do is run the find command from the root directory, /, and the permission we need 10 00:00:51,200 --> 00:00:53,340 to search for is the set-user-ID bit. 11 00:00:53,510 --> 00:01:01,770 That is written as -perm -u=s, where u stands for the user (owner) and s for the set-user-ID bit. 12 00:01:02,480 --> 00:01:08,030 And I only want the file type, -type f; I don't want folders. 13 00:01:08,450 --> 00:01:13,870 And I want to redirect the errors to /dev/null, which is the black hole. 14 00:01:15,290 --> 00:01:24,920 Now I will get all the binaries that have the set-user-ID bit on, so all of these 15 00:01:25,160 --> 00:01:26,560 binaries run with root privileges when executed. 16 00:01:27,230 --> 00:01:30,140 But now we are focusing on systemctl. 17 00:01:30,620 --> 00:01:34,340 As you can see, we have /usr/bin/systemctl in the list. 18 00:01:39,180 --> 00:01:48,660 So this is a normal user, and we cannot run any root commands, so by using 19 00:01:48,660 --> 00:01:53,760 systemctl we will escalate our privileges from normal user to root. 20 00:01:54,420 --> 00:01:58,760 So before that, I want to show you one thing, that is systemd. 21 00:01:59,100 --> 00:02:00,840 Let's look at a .service file.
22 00:02:02,640 --> 00:02:11,650 So you need to define some directives, and systemd will identify and execute 23 00:02:11,820 --> 00:02:19,950 the commands that are specified in these .service files; you will find many of these service files. 24 00:02:20,310 --> 00:02:23,100 And I want to show you a simple one. 25 00:02:26,700 --> 00:02:29,620 So let me take a service first. 26 00:02:29,790 --> 00:02:35,000 Let me take this example service. 27 00:02:35,040 --> 00:02:37,440 Let me copy this and cat it. 28 00:02:40,750 --> 00:02:44,920 OK, this is not the service we are going to look at. 29 00:02:49,040 --> 00:02:50,300 This one will do. 30 00:02:56,780 --> 00:03:05,030 OK, now let me show you how a .service file looks, just an overview of this service. 31 00:03:06,350 --> 00:03:10,370 So here you have the [Unit] section and the [Service] section. 32 00:03:10,850 --> 00:03:19,490 The [Unit] section is just for the metadata of this service: your description, documentation, etc. And if you 33 00:03:19,760 --> 00:03:26,440 notice, under [Service] there is Type=something and you can see there is ExecStart. 34 00:03:27,020 --> 00:03:32,350 So whenever I start this unit, systemd will execute this command. 35 00:03:33,770 --> 00:03:41,150 So if you place a reverse shell here and define your own service, then this reverse shell will execute as 36 00:03:41,150 --> 00:03:47,540 root and you will get root privileges on the current system. 37 00:03:48,800 --> 00:03:51,830 So now we are going to define our own service. 38 00:03:51,860 --> 00:03:52,670 It's very easy. 39 00:03:53,330 --> 00:04:00,130 We copy some of these directives into a file in our home folder. 40 00:04:00,860 --> 00:04:05,330 Sometimes we cannot write any files in the home folder; in that case 41 00:04:05,330 --> 00:04:09,430 we want to use the /tmp folder, since anyone can write in the /tmp folder.
42 00:04:10,130 --> 00:04:14,300 So let's run nano, let's say nano shell.service. 43 00:04:16,590 --> 00:04:25,850 Remember, there should be a .service extension. So now let me first paste 44 00:04:25,850 --> 00:04:32,350 this [Unit] section with a Description just to identify it, and I'm going to change it to 45 00:04:32,380 --> 00:04:33,650 just "reverse shell". 46 00:04:37,730 --> 00:04:43,580 Now we can ignore the rest and copy the [Service] section. 47 00:04:46,210 --> 00:04:53,800 One important thing you need to enter is User; you need to say User=root, that is, under which user 48 00:04:54,070 --> 00:04:58,660 it should run. Generally, if you do not enter this, it is root anyway. 49 00:04:58,900 --> 00:05:05,440 But just for simplicity we set User=root explicitly. 50 00:05:06,580 --> 00:05:08,140 So now let me copy this. 51 00:05:08,140 --> 00:05:09,200 ExecStart. 52 00:05:09,220 --> 00:05:11,680 So it's ExecStart. 53 00:05:13,590 --> 00:05:18,930 ExecStart is equal to, and now what I can do is place a reverse shell here. 54 00:05:19,860 --> 00:05:22,960 So let me go to the reverse shell cheat sheet. 55 00:05:30,530 --> 00:05:40,190 So now let me copy a bash reverse shell; we have this bash one, and I already have 56 00:05:40,190 --> 00:05:41,490 this cheat sheet open, OK? 57 00:05:42,080 --> 00:05:49,680 Anyway, let's copy this, and to get our listener ready I will open a new terminal. 58 00:05:50,390 --> 00:05:55,530 So this is our attacker terminal; since both users are on the same computer 59 00:05:55,550 --> 00:05:59,450 I'm going to use the local address as an example. 60 00:05:59,660 --> 00:06:02,720 So start netcat as the current user. 61 00:06:05,110 --> 00:06:11,570 So nc, listening on port number 1234. 62 00:06:12,220 --> 00:06:18,660 Now we need to copy this, and we should not just paste this whole command into ExecStart as it is. 63 00:06:18,700 --> 00:06:24,760 What we want to do is run it through /bin/bash -c.
64 00:06:25,270 --> 00:06:32,450 So ExecStart=/bin/bash -c followed by the bash reverse shell in quotes, so that bash -c runs this reverse shell. 65 00:06:32,460 --> 00:06:38,740 So that's it; now you have created your own shell.service. 66 00:06:38,980 --> 00:06:41,060 And let me save this one. 67 00:06:42,880 --> 00:06:44,890 So now if I say cat 68 00:06:46,850 --> 00:06:54,410 shell.service, we have this [Service] section with User=root and ExecStart; on startup it will 69 00:06:54,410 --> 00:06:55,170 execute this one. 70 00:06:55,430 --> 00:06:58,010 So before the execution, we will set up 71 00:06:58,010 --> 00:06:58,570 the listener in the other terminal. 72 00:07:02,390 --> 00:07:03,960 And that is on port 1234. 73 00:07:05,450 --> 00:07:11,290 So now what you want to do is set up this service with systemctl. 74 00:07:13,070 --> 00:07:22,770 That takes the actual path to the file: I need to enable this shell.service with its 75 00:07:22,790 --> 00:07:23,290 full path. 76 00:07:41,730 --> 00:07:47,640 All right, let me show you; this is in the home folder. 77 00:07:54,150 --> 00:07:55,560 So we are in the home folder. 78 00:07:57,960 --> 00:08:01,350 So let me say systemctl enable with the full path to shell.service in the home folder. 79 00:08:06,660 --> 00:08:18,210 OK, now we have set up our service, so you just need to start this service, 80 00:08:18,210 --> 00:08:23,810 and upon starting, this command will get executed and we get the reverse shell. 81 00:08:24,990 --> 00:08:27,830 That is how we get the root shell. 82 00:08:29,370 --> 00:08:29,970 That means 83 00:08:31,100 --> 00:08:32,520 yes, systemctl, 84 00:08:36,060 --> 00:08:38,640 and I want to start shell. 85 00:08:41,350 --> 00:08:44,080 Now, if you see, we got the root shell. 86 00:08:44,380 --> 00:08:44,980 whoami 87 00:08:46,450 --> 00:08:47,810 We are root. 88 00:08:48,440 --> 00:08:53,950 So we have successfully got control of this computer.
89 00:08:55,000 --> 00:09:02,860 So in general scenarios, you need to put your attacker (Linux) machine's IP address at this point. 90 00:09:03,100 --> 00:09:04,900 I just wanted to show you on the one machine. 91 00:09:05,230 --> 00:09:07,510 That's why I put the same address. 92 00:09:07,840 --> 00:09:09,810 I hope you have understood this systemctl privilege escalation. 93 00:09:10,270 --> 00:09:17,230 You just create the one service and, in the ExecStart command, set the reverse shell. 94 00:09:17,380 --> 00:09:18,970 And you start the service.