Hacking Linux // Linux Privilege escalation // Featuring HackerSploit
Vložit
- čas přidán 30. 07. 2024
- So you think Linux is secure? In this video we'll escalate our privileges on Linux to become root.
// MENU //
0:00:00 ▶️ Introduction
0:01:15 ▶️ Jump to the demo
0:01:38 ▶️ About Alexis, background and experience
0:07:38 ▶️ Starting HackerSploit
0:08:47 ▶️ Alexis and Linux
0:11:03 ▶️ Which is the preferred Linux distribution?
0:12:01 ▶️ Recommended Linux distribution for beginners
0:12:33 ▶️ LinuxJourney.com
0:12:01 ▶️ Favourite hacking distribution
0:13:51 ▶️ The PenTester Framework
0:15:21 ▶️ Best method to install a distribution
0:16:46 ▶️ Recommendations
0:18:29 ▶️ Recommended distribution for real-world pentesting
0:21:44 ▶️ Starting CZcams channel
0:22:18 ▶️ Windows vs MacOS vs Linux
0:23:30 ▶️ Recommended laptop
0:27:16 ▶️ Other advice
0:28:38 ▶️ Recommended certifications
0:30:46 ▶️ Recommended pre-requisite skills
0:33:13 ▶️ HackerSploit Linux Essential for Hackers
0:34:01 ▶️ HackerSploit Windows
0:34:26 ▶️ HackerSploit Networking Fundamentals
0:35:11 ▶️ Get your fundamentals right
0:35:29 ▶️ Dirty Pipe exploit presentation
0:43:52 ▶️ Dirty Pipe exploit demo
0:55:14 ▶️ Exploit 1
0:57:03 ▶️ Exploit 2
1:00:23 ▶️ Learning how to change scripts
1:02:14 ▶️ Recommended script language
1:04:00 ▶️ Thoughts on Golang
1:04:44 ▶️ Recommendations for learning languages
1:05:41 ▶️ Closing thoughts
// HackerSploit Linux exploit scripts //
Dirty Pipe Github page: github.com/AlexisAhmed/CVE-20...
Dirty Pipe Blog: dirtypipe.cm4all.com/
CVE details: cve.mitre.org/cgi-bin/cvename...
// Hackersploit Videos //
Pentesters Framework: • The PenTesters Framewo...
Linux for hackers: • Linux Essentials For H...
Windows for hackers:
Nmap series: • Nmap Tutorial For Begi...
Linux exploitation: • VulnOS V2 - VulnHub Wa...
Windows exploitation: • TryHackMe - Steel Moun...
// Books //
Privilege Escalation Techniques: amzn.to/3xcPHjf
Automate the boring the stuff with Python: amzn.to/3LQA5Gl
// MY STUFF //
www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
CZcams: / davidbombal
// HackerSploit //
LinkedIn: / alexisahmed
CZcams: / hackersploit
Twitter: / hackersploit
Academy: hackersploit.academy/
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
linux
kali linux
kali linux hack
linux hacking
hacker
linux exploit
linux privilege escalation
linux hack
linux dirty pipe
linux dirty pipe explained
linux dirty pipe cve
linux dirty pipe exploit
linux privilege escalation
ethical hacking
linux priv esc
priv escalation linux
hackersploit
hacking
linux exploit
linux dirty pipe
dirty pipe linux
dirty pipe cve
linux vulnerability
linux security
linux exploits
linux kernel
linux kernel vulnerablity
dirty pipe vulnerability
#linux #linuxhack #hacking - Věda a technologie
So you think Linux is secure? In this video we'll escalate our privileges on Linux to become root.
// MENU //
0:00:00 ▶ Introduction
0:01:15 ▶ Jump to the demo
0:01:38 ▶ About Alexis, background and experience
0:07:38 ▶ Starting Hackersploit
0:08:47 ▶ Alexis and Linux
0:11:03 ▶ Which is the preferred Linux distribution?
0:12:01 ▶ Recommended Linux distribution for beginners
0:12:33 ▶ LinuxJourney.com
0:12:01 ▶ Favourite hacking distribution
0:13:51 ▶ The PenTester Framework
0:15:21 ▶ Best method to install a distribution
0:16:46 ▶ Recommendations
0:18:29 ▶ Recommended distribution for real-world pentesting
0:21:44 ▶ Starting CZcams channel
0:22:18 ▶ Windows vs MacOS vs Linux
0:23:30 ▶ Recommended laptop
0:27:16 ▶ Other advices
0:28:38 ▶ Recommended certifications
0:30:46 ▶ Recommended pre-requisite skills
0:33:13 ▶ Hackersploit Linux Essential for Hackers
0:34:01 ▶ Hackersploit Windows
0:34:26 ▶ Hackersploit Networking Fundamentals
0:35:11 ▶ Get your fundamentals right
0:35:29 ▶ Dirty Pipe exploit presentation
0:43:52 ▶ Dirty Pipe exploit demo
0:55:14 ▶ Exploit 1
0:57:03 ▶ Exploit 2
1:00:23 ▶ Learning how to change scripts
1:02:14 ▶ Recommended script language
1:04:00 ▶ Thoughts on Golang
1:04:44 ▶ Recommendations for learning languages
1:05:41 ▶ Closing thoughts
// HackerSploit Linux exploit scripts //
Dirty Pipe Github page: github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits
Dirty Pipe Blog: dirtypipe.cm4all.com/
CVE details: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
// Hackersploit Videos //
Pentesters Framework: czcams.com/video/Bx3RLLD4NO0/video.html
Linux for hackers: czcams.com/video/T0Db6dVYyoA/video.html
Windows for hackers:
Nmap series: czcams.com/video/5MTZdN9TEO4/video.html
Linux exploitation: czcams.com/video/i-dQwejj518/video.html
Windows exploitation: czcams.com/video/BzmljZkgeSs/video.html
// Books //
Privilege Escalation Techniques: amzn.to/3xcPHjf
Automate the boring the stuff with Python: amzn.to/3LQA5Gl
// MY STUFF //
www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
CZcams: czcams.com/users/davidbombal
// HackerSploit //
LinkedIn: www.linkedin.com/in/alexisahmed/
CZcams: czcams.com/users/HackerSploit
Twitter: twitter.com/HackerSploit
Academy: hackersploit.academy/
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Thanks for taking the time 5o make this David and Alexi. As usual, it's a very educational piece of work! 👍
David you're amazing, you're just collaborating with amazing people like John, chuck, Chris, stok, nahamsec, hackersploit and connecting them to eachother !!. There very less people who are this amazing like you🔥🔥
Thank you Faran!
Totally agree. David and all of them are great and inspiring. Kudos to all of 'em. I also liked Chuck's brother in the latest videos:).
I love voice of hackersploit 😻😻😻
@@davidbombal Is it important to create a strong password for emails like gmail? because to decrypt it I suppose they would have to break the google server... or not?
I agree
David thank you immensely for the work you’re doing. A huge shout out to Alexis. He really is a great teacher I must say. Watching this video from start to finish really gave me an idea of Linux privilege escalation and Alexis equally made mentioned of the fact that we need to know the fundamentals of not only Linux, but windows, and know the various exploits too. I really had fun watching this video. Thank you very much.👍🏽
Thank you! And you're welcome!
What an amazing guest! Thank you for another great video. This one solidified in me that all the late hours and I mean LATE hours with my home-lab is the way to go about learning Kali and its tools.
the most i like about alexis is his speaking, he speaks slowly and clearly that while he start explaining, every words i listen clearly and fairly , he speaks with calm ,that's the best to explain the viewers.
This channel, and Hackersploit are the modern day InfoSec know it alls, and I’m living for it.
Oh snap, I'd had this saved in my watch later bc I knew it'd be good, but I didn't realize you had THE *Hackersploit* on this one! I watch all his stuff, he's awesome and such a gem to have in the community, and all the education he drops freely is invaluable! Loving these collabs David...you've done your research, and are getting the right people for sure!
Yet! Another great video on David's channel! My view of you have not changed! You are gold! Along with Alexis!
Yes! Another high level quality Collab David is brought to us. Thank you David.
David Alexis is an excellent guest. Alexis' methodology is top shelf. He's taken something complex and made it simple for an average user or beginner pentester to understand what is going on and harness the exploit. Well done!
Excellent! great amount of content, solid guest. Thank you, David. I am definitely looking forward to his recommendations about BASH.
Glad you enjoyed it Jair!
both of you paved the way fro me in Cybersecurity industry, I learned a lot from both of you and I'm respected where I work thanks to follwing your youtube training, shout out to y'all!!!
The Q & A format is really great. Thank you David.
Great video David & Alexis!! I have added Hackersploit channel to my study playlist about a month or so ago due to the OSCP test changes including more Active Directory! Love this!!! Can we see a certification for red team focus playlist? EJPT, PNPT, and OSCP focus maybe??
David your videos and questions that you ask has been really helpful. Im so glad i found this channel. And it's all free thanks you so much for such resourceful information. keep it up!
great stuff David Bombal , Your channel makes video viewing so seamless would be nice to talk about your setup and how you create each video , and what goes in to making those videos
This was the Best talk on Dirty Pipe I Ever heard. I listened to so many videos and read so many reports, but Alexis was the Only One to break it down far enough where it Actually Clicked for me, without having to see what he was doing. Now I am able to actually watch the video, and I am super excited
Just demoed Attactive Directory yesterday for a school project. You buys are the best, keep it up.
yay!!!! my two favorites on screen. thanks David! thanks Alexis!!
Great interview, Alexis is always fantastic and very professional while respectful. David didn't interrupt him like he tends to do with guests in my opinion.
-Great content Professors Alexis and David...!!!
-Every video and even in the discussions I see around, people ask how to get into Security, which is a process that I live myself, and I say it's a learning path.
-I always worked as an infrastructure professional in a military Datacenter and what was used as the 3 Skills Base were Sys. Adm. (Linux and Windows at least) Networks there not only protocols but also Vendors (Cisco, Juniper, Aruba, Fortinet, etc) and a programming language preferably Script (Bash, my favorite, Python, maybe Ansible), and some knowledge of virtualization and some programming language.
-With these Skills I could solve most problems and I see them as the basic Skills to understand a datacenter environment and the Cloud, which is basically the same virtualized environment in the Cloud datacenters.
-In Pentest I basically see the same knowledge as a base, with the difference that they can be more basic, for example instead of doing the CCNA you can do the Network+, instead of the 3 LPICs that I'm doing now who knows Linux+ solve.
-But this knowledge is necessary for those who make Pentest because if the person does not understand, for example, Sys. Adm. the system that will escalate privilege or the Scripting languages that you will use to make any changes to them or even understand what they do.
-I was very happy that I easily understood all the Alexis code which alias is very well done and he is to be congratulated...!!!
-But precisely because I understood everything, ideas came to me like, for example, trying to incorporate all the parts of the C code inside the Shell Scripts and creating an option menu instead of two separate scripts but one with both features.
-But the interesting part is how it redirects the Pipe Buffer I imagine it is using the same system that mirrors certain aspects of the tmpfs partitions where the kernel starts running in memory and mounts it for reading from the system as we see in /dev and /run, but It's just an assumption, I'd have to study what injection the code makes into the kernel, who knows after the LPIC I'm doing I'll take some time to analyze it better.
-Many thanks to professors Alexis and David for the very useful knowledge...!!!
Great episode.. lol..in 2007, I was a unix/linux/windoze admin analyst for telecom giant Bell Canada, I used to love Knoppix in those days.. or slackware..
It's amazing how far these communities have come since then..
Ty
What a great collaboration. Hackersploit has got serious skills and I've been watching his material for a while now. So glad two of my CZcams tutors have linked up. RESPECT TO YOU BOTH
Love these guys! Can’t wait to dig in let’s goooooooo!
David Nice work on video production as well as content. keep up !
Thank you for hosting Alexis Ahmed this guy is real great.
What a wonderful video. So nice of you David!
I was urgely waiting for the Collab of two awesome educators 😍😍😍😍😁
Hope you enjoy the video :)
Loving these interviews with the Hakers I admire. ThankYou David.
That was huge.Thank you David for the valuable content you present.
man, David, your videos are amazing! Thank you for that
Very very insightful! Thank you David 🙏
You know david you just know hiw to ask the right questions, your interviews leave me satisfied
Congrats on 900k David. Thanks again for changing my life.
Thank you! So happy that I could have helped you in your journey!
David you have THE BEST content on YT for cyber.
"Whats it called and how do people get it?" Straight to the point, these videos are awesome
HackerSploit has been by far one of the best content creators on this subject.
excellent, thank you Alexis, thanks David. ❤
David your videos are so helpful. Keep up the good work
Amazing Guess, this person speaking very, very honest and objective. Thanks Mr David!!!
You're awesome David....i love and respect you and you're contents..❤
Loving these collabs
Glad you are Isaiah!
David i love your videos and i do appreciate you giving your time to share you knowledge, along with your guests.
Could you do a series on a more defensive aspect? I would like to know your opinion related to malware, rootkit, etc scanners, specially for linux OS. Do you use any? Do you have bash scripts related for those?
Hearing Truth Flow as a River like this, is not often heard & never seen. Thanks for Searching for & Sharing The Truth!
Amazing interview!
Great, we are waiting for more long videos, yes we want to learn about bash scripting for recon
David i have a question that when are you going to do a QNA video and really nice informative video on Linux.
It is good for you, hope all have that kind path of opportunity, hope somehow here in CZcams have a real step by step detail on how to do it , not just like a talk show like this, hope there is a real detail ed to do it...🙂
Thankyou David for asking the questions on system requirements and starting out. As a regular viewer of your videos I love this journey on my learning curve. I shall be visiting Hackspoilt and look forward to next and all vids.
What a content David love it..... 😍😍😍
I love alexis content, he's probably one of the best cyber security youtubers out there. he's taught me a crap ton, and really got me hyped to get into the field.
Yes his voice is also very chilling 🔥😍
Omg the much awaited ⛳
Wow I have watched several hackersploit videos and to my surprise dude is from my city.am just motivated to keep pushing hard and never stop learning.
Alexis is the evolved human we all need.
Amazing video!
He is such a great guy. A lot of material on his channel goes over my head but he is such an inspiration I can't stop watching. You can see he is a good guy who mainly does this think to improve everybody's life. I would love to see him do some courses on bash from intermediary to advance.
awesome awesome awesome Thank you David
I had a blast with virtualization using virtual box however I have a very low budget laptop. so to free up the overhead of running Microsoft to run virtualbox, I made a live usb to boot my Linux system. my laptop performs much better now.
Big up to the Real Hackersploit Mr. Alexis Ahmed my number one penetration testing teacher.
This quote changed my perspectives of programming "THE BEST TO LEARN PROGRAMMING IS TO ACTUALLY JUST DEVELOP WHATEVER YOU WANT TO DEVELOP"
That is a great view :)
WoW that is awesome 👌 👏 👍 😍 Question is it possible to name the music which is at the end of the last 5sec
My favorite teacher 😻
I love his voice
How can you defend against scammer calls? Aside of use trucaller (doesnt work always)
Nice !
I've downloaded the Kali Linux on VMware workstation but in the first page I that I have to enter my password and username I can't type anything ,it looks my keyboard is not working there but out of that my keyboard is working , please help me please please please please
finally,
Hackersploit reveal his background 😭
I've been waiting until this opportunity to learn from him.
His background story same as me,
But. I haven't touch into any pentesting organizations!😕
I'm still a kid with greater learner of hacking
Cheers Mate.
Yayy , my ??? Wish course should I do Network + O security + , before jumping into hacking???
so I'm on a good path, starting programming, starting ubuntu, everything's fine!
I can't wait for Hackersploit Distro !!!!
I think it will be great 😀
@@davidbombal Yup, it will be good to have the possibility to get our hands on something different and see how they prepare their distro just focusing on the work.
I rarely leave comments on YT but, mate, your videos and the people you put on the front row are really awesome for anybody interested in the this domain.
Thanks a lot for what you do. I understand that you read that kind of comment everyday, but I guess one more from another anonymous watcher won't hurt :)
Keep it up, mate.
NB : you production is always so clean too...
Mst video hai !
I'm using kali on usb live boot and I'm using my laptop's internal wifi card which supports monitor mode but when i run wifite it stucks at searching for devices and couldn't find any wifi network. please HELP
Hi I added a new user and give it a sudo permissions but the commands aren't showing the same as the first user if I typed sudo or wfconfig wrong it won't show red or green if it's true I just wanna fix this
Thanks for great content David! Q: I tested the vulnerability on my kali system which is vulnerable (kernel: 5.16.0-kali6-arm64). When creating an unprivileged user 'user' and running the exploit-1 file, the scripts hangs at first command: "Backing up /etc/passwd to /tmp/passwd.bak ..." and nothing happens. How come?? I followed all the steps as mentioned. (uid=1001(user) gid=1001(user) groups=1001(user))
Good vlog iam a Doctor in computer science from the old school Major was the Mainframes computers the things I call Toys Laptops etc I've been doing programming since Dos iam 75 and retired helped put Linux on mainframe at IBM boblingen Germany iam an American living in Germany also programmed youtube security system iam in mainframe security specialist nice vlog
Excellent ❤❤❤
Amazing video
Is it important to create a strong password for emails like gmail? because to decrypt it I suppose they would have to break the google server... or not?
👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻
💝
Great video
Hi David, I want to sub to your udemy courses for CCNA but I noticed two that are almost identical. Is there a difference between them?
39:00 , OMG you should have asked you should have asked for resources to understand that. I've been looking for something, getting the "wrong" books etc.
Thank you guru.
aaye one of my fav hacker HackerSploit
i use a dual boot and it works really good
cant find the link to the bash resource? also, can't find any info on the "egapt" cert he recommended
I've downloaded the Kali Linux on VMware but I'm the first page that I have to enter the username and password and can't type anything , please help please please
HI, thank you :)
This came just in time as I've been working on privileges escalation
Hope you enjoy the video :)
@@davidbombalI'm brand new to cyber security and really appreciate your content
Alexis' book is handy for that goal.I've been reading his book these days. Recommended.
@@Emre-qc6cf thank you
@@Emre-qc6cf what is the book name?
Respected David Bombal sir,
i am a student from india and curious about cyber security but didn't know even a single thing about cyber security and want to start it so please make a video that how a stduent can start its carrier in cyber security.
hope you will make it and i am wating for the video.
Nice
Is that pkexec vulnerability issue repported a few week ago
i LOOOOOved this....am in Nairobi as well.
woooooooooooooooooooooooooooow
DAVID really Awesome 😊
Than you!
DB❤️❤️❤️
what version or linux and php version did you use as an example?
Hello David, I'm really interested in becoming ethical hacker, Network Technician, or Linux administrator. I only have have basic Skills in IT, CompTIA A,N and S+. Any advice on how to go on and later secure job as Junior Tech?