VIM Shell | Ryan's CTF [06] Escape the Jail
Key Takeaways
Escapes a jail shell using VIM and privilege escalation to read a flag file
Full Transcript
this challenge from Ryan Nicholson CTF is called escape to jail for 30 points in the intermediate category it says enter the flag within the route flag text file so it's in the route home directory we can go ahead into their web shell log in with the credentials they gave us CTF 2 and challenge 2 but unfortunately we are not the root user we're only simply the competitor user so we can't move into that directory or take a look at what that flag particularly is so we need to escape the jail and determine what this may be and actually a privilege escalation situation so let's do some enumeration and actually see what we can run with the sudo command because that will allow us to borrow the root users like power and privileges so if you run sudo tak L you can see entries in the etc sudoers file and says what we can do here so user competitor in our case that's us may run the following commands on this host without a password and that's a user bin vim so that's pretty awesome we can sudo user bin vim or just straight-up vim if we wanted to and now we are running the VI or VI improved command line text editor as root and we can do interesting things with this like if we wanted to we can go ahead and edit the route or flag text file and then we could actually view the flag just like that or if we were to use colon and type in shell that would give us simply a bash shell and now you can see that ok we are the root user that's awesome to get remote code execution and just do the privilege escalation to get to be the root user so if we wanted to even from the show we could cat out the flag that we're looking for and we'd submit that as our solution and get that get the points through that we can take note of this in our own specific notes and we can mark that challenge as complete but that enumeration or basic reconnaissance of a box see what we can use for privilege escalation check the pseudo list and see what commands you can run easily that's good notes and good tips to learn from hack the box if you don't play that that war game but that's awesome for learning hey I need to give a special shout-out and some love to people that support me on patreon this list is getting longer every every day and it's just surreal to me I'm so thankful for you guys $1 a month on patreon will give you a special shout-out just like this at the end of every video five dollars a month on Pay I'll give you early access to everything now release on YouTube if you did like this video please do like comment subscribe hang out with us on discord link in the description and check me out on patreon thanks
Original Description
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from John Hammond · John Hammond · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
Tutorials? MySQL connection with PHP and Bash!
John Hammond
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
JavaScript Splits The URL!
John Hammond
HTML Tables in Python!
John Hammond
HTML, Net Shares, GML!
John Hammond
Python 08 Programming Style and Comments
John Hammond
Python 26 Object Oriented Programming
John Hammond
75 Python Tutorials, Out Now!
John Hammond
Batch 14 Mathematical Expressions
John Hammond
Batch 85 Array Append
John Hammond
Batch 86 Array Count
John Hammond
Batch 87 Array Index
John Hammond
Batch 88 Array Insert
John Hammond
Batch 89 Array Remove
John Hammond
Batch 90 Array Reverse
John Hammond
Python [colorama] 00 Installing on Linux
John Hammond
Python [colorama] 09 Cursor Position
John Hammond
Python [hashlib] 02 Algorithms
John Hammond
Python 00 Installing IDLE on Linux
John Hammond
Python [pygame] 11 Rectangular Collision Detection
John Hammond
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
Python [XML-RPC] 01 Research
John Hammond
Python [pyenchant] 03 Personal Word Lists
John Hammond
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
Python 04: PEP8 Coding
John Hammond
Python Challenge! 17 COOKIES
John Hammond
Google CTF 2016: Ernst Echidna
John Hammond
Google CTF 2016: Spotted Quoll
John Hammond
Google CTF 2016: Can you Repo It?
John Hammond
Google CTF 2016: No Big Deal
John Hammond
Google CTF 2016: In Recorded Conversation
John Hammond
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
Homemade CTF Challenge: 04 "UPX"
John Hammond
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
John Hammond
Juniors CTF 2016 :: Here Goes!
John Hammond
Juniors CTF 2016 :: Southern Cross
John Hammond
Juniors CTF 2016 :: Clone Attack
John Hammond
Juniors CTF 2016 :: Dirty Repo
John Hammond
Juniors CTF 2016 :: Hackers Blog
John Hammond
Juniors CTF 2016 :: Voting!!!
John Hammond
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
Juniors CTF 2016 :: Stop Thief!
John Hammond
Juniors CTF 2016 :: ROFL
John Hammond
Juniors CTF 2016 :: Restriced Area
John Hammond
Juniors CTF 2016 :: Oh SSH!
John Hammond
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
HackCon CTF 2017 "Bacche" Challenges
John Hammond
More on: Network Security
View skill →Related Reads
📰
📰
📰
📰
We launched Zalanx — security monitoring for lean SaaS teams
Dev.to · Zalanx
OSINT Framework Mimarisi: Dijital İzleri “Actionable Intelligence”a Dönüştürme Protokolleri
Medium · Cybersecurity
Trust After AI: Why the Physical World Needs a Verification Layer
Medium · Cybersecurity
Hunting Phishing Infrastructure on Netlify: Telegram Bot Exfiltration Across Multiple Lure Themes
Medium · Cybersecurity
🎓
Tutor Explanation
DeepCamp AI