1
00:00:00,390 --> 00:00:00,870
Hi.

2
00:00:01,320 --> 00:00:06,630
So far, we've managed to hack into the server and within this lecture we're going to try and escalate

3
00:00:06,630 --> 00:00:07,650
our privileges.

4
00:00:08,220 --> 00:00:10,620
So we have already used that.

5
00:00:10,630 --> 00:00:12,250
So I'm going to close this down.

6
00:00:12,270 --> 00:00:14,860
We don't need Warshel anymore.

7
00:00:15,360 --> 00:00:23,450
OK, so let me come back here and I believe we don't need this and this one as well.

8
00:00:24,030 --> 00:00:25,230
So far, so good.

9
00:00:25,620 --> 00:00:32,340
Now, let me come back over here and just make this minimized so that we can see terminal in a better

10
00:00:32,340 --> 00:00:32,620
way.

11
00:00:33,120 --> 00:00:33,480
Yep.

12
00:00:33,480 --> 00:00:35,130
Clear doesn't work.

13
00:00:35,160 --> 00:00:40,470
So let me try and see if we have shell over here and let me run

14
00:00:40,470 --> 00:00:40,980
whoami.

15
00:00:41,010 --> 00:00:41,280
Yep.

16
00:00:41,280 --> 00:00:45,730
We are daemon. We can run ls, but we cannot run.

17
00:00:46,560 --> 00:00:48,900
Yeah, of course we cannot go into the root.

18
00:00:49,290 --> 00:00:58,380
OK, let me try to go into home and in home we already see some kind of robot thing and we have I

19
00:00:58,380 --> 00:01:00,480
believe we have a key 2 over here.

20
00:01:00,480 --> 00:01:03,380
Let me try to get that and see if we can get this.

21
00:01:03,990 --> 00:01:04,410
Nope.

22
00:01:04,440 --> 00:01:06,380
We cannot get the second key.

23
00:01:06,600 --> 00:01:08,430
We cannot get the second flag.

24
00:01:08,820 --> 00:01:10,860
So it's better.

25
00:01:11,250 --> 00:01:13,590
It's good that we cannot get this.

26
00:01:13,830 --> 00:01:19,500
So I believe there is a user called the robot because that's where we have found it.

27
00:01:19,500 --> 00:01:19,740
Right.

28
00:01:19,740 --> 00:01:27,880
We have a robot user under the home directory and this key two of three should have been the robot's

29
00:01:28,740 --> 00:01:29,340
file.

30
00:01:29,350 --> 00:01:30,660
So we cannot read that.

31
00:01:31,230 --> 00:01:36,810
So let me read this password over here and see if this is the password of the robot user.

32
00:01:37,440 --> 00:01:40,770
So there is a hash over here and the name, MD5 hash.

33
00:01:41,220 --> 00:01:49,590
And I believe we can just decrypt this so that we can try to see if we can log in as robot and use this

34
00:01:49,590 --> 00:01:50,280
password.

35
00:01:50,490 --> 00:01:50,970
Right.

36
00:01:51,390 --> 00:01:54,420
So if we can do that, then we can get the second flag.

37
00:01:54,570 --> 00:01:58,920
And I believe this is a good thing because we can be root.

38
00:01:58,920 --> 00:02:00,600
We are robot, apparently.

39
00:02:00,600 --> 00:02:01,770
I don't know that yet.

40
00:02:02,310 --> 00:02:09,150
So I'm going to go for decrypt MD5 online over here and let's find something that works.

41
00:02:09,330 --> 00:02:14,940
So I'm going to go here, md5online.org, and just get this.

42
00:02:14,940 --> 00:02:17,610
Let me just get this over here, OK?

43
00:02:17,610 --> 00:02:18,930
Let me just copy this.

44
00:02:19,760 --> 00:02:30,170
And paste it over there so that we can just try and decrypt it. If we do this, let's see if we can get

45
00:02:30,170 --> 00:02:30,580
this.

46
00:02:30,980 --> 00:02:34,220
Nope, no result found in our database.

47
00:02:34,460 --> 00:02:38,810
So this decryption works like a wordlist attack.

48
00:02:38,820 --> 00:02:46,280
So if they have the same thing in their database, of course, it's not a wordlist attack, but the

49
00:02:46,280 --> 00:02:49,730
logic is they're comparing it with the previous hashes.

50
00:02:49,730 --> 00:02:53,600
So I'm going to try a lot of websites over here.

51
00:02:53,610 --> 00:02:56,950
So let's try this one, md5decrypt.net.

52
00:02:57,680 --> 00:03:00,640
Nope, this is not in their database as well.

53
00:03:00,980 --> 00:03:04,070
So let's try this one, hashes.com.

54
00:03:04,490 --> 00:03:08,330
Let me try and just submit this and here you go.

55
00:03:08,330 --> 00:03:09,230
Hashes.com.

56
00:03:09,230 --> 00:03:16,670
Find something, found something and I cannot see it properly, but I'm just going to copy and paste

57
00:03:16,670 --> 00:03:20,290
it in my notes that to see over here.

58
00:03:20,300 --> 00:03:23,300
OK, so that we can just take a note.

59
00:03:23,510 --> 00:03:31,970
I'm going to go over here and cd to Documents, CTF, Mr. Robot and over here we have to narrow into

60
00:03:32,210 --> 00:03:37,330
NATO and under this code.

61
00:03:37,670 --> 00:03:38,620
Yeah, here you go.

62
00:03:38,660 --> 00:03:43,130
This is ABCDEFG. So this is the whole alphabet, I believe.

63
00:03:43,340 --> 00:03:45,680
And the user must be robot.

64
00:03:45,680 --> 00:03:52,080
We are not certain yet, but the leads actually pointed that direction.

65
00:03:52,310 --> 00:03:56,240
So robot user with this password, let's try this.

66
00:03:57,410 --> 00:03:59,270
So let me just copy and paste.

67
00:03:59,270 --> 00:04:00,110
Yep, it works.

68
00:04:00,710 --> 00:04:07,100
So let me go back to our session and try to go into robot by running su robot.

69
00:04:07,670 --> 00:04:07,970
Yeah.

70
00:04:07,970 --> 00:04:10,520
It says that it must be run from a terminal.

71
00:04:10,730 --> 00:04:13,670
We don't have a shell over here.

72
00:04:13,670 --> 00:04:15,950
I don't know what we are into right now.

73
00:04:16,400 --> 00:04:18,350
So let's try and spawn the shell.

74
00:04:18,950 --> 00:04:20,960
I'm going to open my notes.

75
00:04:21,260 --> 00:04:26,050
As I have shown you before, we can try to spawn the shell with Python.

76
00:04:26,390 --> 00:04:30,440
If we can run Python over here with a one liner, that would be great.

77
00:04:30,590 --> 00:04:33,380
So this is the first thing that I'm going to try.

78
00:04:34,250 --> 00:04:37,760
You can try with bash or sh, obviously.

79
00:04:38,060 --> 00:04:42,350
So python -c import pty, pty.spawn /bin/bash.

80
00:04:42,590 --> 00:04:44,180
So we have seen that before.

81
00:04:44,300 --> 00:04:50,000
If you didn't take note of that, just pause the video and try to take note of that.

82
00:04:50,000 --> 00:04:50,810
I suggest that.

83
00:04:50,810 --> 00:04:51,240
Really.

84
00:04:52,040 --> 00:04:53,000
So here you go.

85
00:04:53,000 --> 00:04:54,170
Now you got a shell.

86
00:04:54,530 --> 00:04:57,950
So we are daemon at linux.

87
00:04:58,700 --> 00:05:03,440
We cannot run clear right now, but we can run the other ones.

88
00:05:03,440 --> 00:05:06,290
So let me try su robot one more time.

89
00:05:06,530 --> 00:05:08,300
It will ask me for a password.

90
00:05:08,780 --> 00:05:11,150
Now, let me get that password.

91
00:05:11,150 --> 00:05:15,740
So let me close this down and verify it.

92
00:05:15,740 --> 00:05:24,220
So we have to go to Documents, CTF, Mr. Robot and over here, no strategically.

93
00:05:24,560 --> 00:05:27,320
And copy that alphabet over here.

94
00:05:27,950 --> 00:05:28,490
Right.

95
00:05:28,490 --> 00:05:36,080
So let me copy this and come back to our session and paste it over there and see.

96
00:05:36,260 --> 00:05:36,920
Here you go.

97
00:05:36,920 --> 00:05:44,330
Now we are robot, so we managed to change the user and apparently we cannot clear this thing at all.

98
00:05:44,330 --> 00:05:47,180
But if we run whoami then we are robot.

99
00:05:47,180 --> 00:05:48,920
If we run id, we are robot.

100
00:05:49,190 --> 00:05:51,500
If we cat this flag two.

101
00:05:51,500 --> 00:05:53,900
Right now, let's see if we can do that.

102
00:05:53,900 --> 00:05:56,750
key-2-of-3.txt.

103
00:05:56,780 --> 00:05:57,590
And here you go.

104
00:05:57,890 --> 00:06:00,740
Now we managed to get the second flag.

105
00:06:01,070 --> 00:06:10,370
Now I'm going to make a copy of this one as well and just leave it there so that if we can if we actually

106
00:06:10,370 --> 00:06:13,070
need this later on, we can come back and get this.

107
00:06:13,580 --> 00:06:18,140
So what I'm going to do, of course, I'm going to try and be root now.

108
00:06:18,440 --> 00:06:18,950
Right.

109
00:06:19,130 --> 00:06:25,490
Because there are three flags and we are in the second flag phase and we need to be root in order to

110
00:06:25,490 --> 00:06:26,540
get the root flag.

111
00:06:26,960 --> 00:06:31,550
So let me try and see if we can find the root directory over here.

112
00:06:31,550 --> 00:06:32,990
If we can cd into that.

113
00:06:33,290 --> 00:06:37,040
Nope, we cannot even cd into the root directory.

114
00:06:37,490 --> 00:06:43,250
OK, so we're going to stop here and within the next lecture, we're going to see how we can escalate

115
00:06:43,250 --> 00:06:45,710
our privileges to become root.