CyberSecLabs - Leakage - Linux [Walkthrough]

▶️ YouTube: https://www.youtube.com/c/PinkDraconian 🐦 Twitter: https://twitter.com/PinkDraconian 🎵 TikTok: https://www.tiktok.com/@pinkdraconian ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/ 📞 Discord: PinkDraconian#9907 📷 Instagram: https://www.instagram.com/robbevanroey/ 🕸️ Website: http://pinkdraconian.d4rkc0de.com/ 👨‍💻 HackTheBox: https://www.hackthebox.eu/home/users/profile/129531 Twitter: https://twitter.com/PinkDraconian Discord: PinkDraconian#9907 Website: http://pinkdraconian.d4rkc0de.com/

Platform: CyberSecLabs

Platform Link: https://www.cyberseclabs.co.uk/

Category: Machine

OS: Linux

Challenge name: Leakage

Difficulty: 1/10

00:00 Introduction 00:10 Nmap scan 00:23 Checkin out gitlab on port 80, making an account 00:50 Checking out public projects on gitlab seeing a commit to config.php containing credentials 01:35 Testing credentials on gitlab 01:45 Access to a new project containing a private rsa key, which we use to ssh in as jonathan 02:30 Key has a password so let's crack the key with john and ssh2john 03:20 Uploading linpeas with scp 04:00 Running linpeas.sh 05:10 nano has SUID bit set, we can run it as root 06:00 Uploading public key to /root/.ssh/authorized_keys to ssh as root ... https://www.youtube.com/watch?v=WeHYVYRjeg8