Book write-up by rub1ks

Hey there,

This is meant to be an in-depth walkthrough of the hack. I try to cover not just WHAT but how you might have found it, and how and why it works. If you hacked Book and were left wondering, this should hopefully clear it up!
Check it out:

Cheers!


Love to see it, thank you! Quality stuff.

@rub1ks said:

Hey there,

This is meant to be an in-depth walkthrough of the hack. I try to cover not just WHAT but how you might have found it, and how and why it works. If you hacked Book and were left wondering, this should hopefully clear it up!
Check it out:

https://medium.com/@apipia92/book-write-up-6864dca9489d

Cheers!

Haven’t read the document yet, don’t want to ruin my fun. I will, though.

I really appreciate you addressing the ‘why’. The tutorials that lead people in a straight path to the goal have their place, but I like your vision a hell of a lot more.

It’s one thing to show ‘this is how you do this one thing’, it’s another thing to actually teach people about the mindset they need to acquire.

Thanks for taking the time to write it down and raising the bar for walkthroughs. We need more of these. Thanks man.

@rub1ks said:

Hey there,

This is meant to be an in-depth walkthrough of the hack. I try to cover not just WHAT but how you might have found it, and how and why it works. If you hacked Book and were left wondering, this should hopefully clear it up!
Check it out:

https://medium.com/@apipia92/book-write-up-6864dca9489d

Cheers!

Excellent write-up - really appreciate you sharing it. As @gnothiseauton has said, it is raising the bar quite a bit.

One comment though, is there a reason you went for a reverse shell rather than grabbing the root SSH keys?

(edited to correct a typo!)

@gnothiseauton
@jxPhreak
Thanks for all the great feedback!
@TazWake
That’s a great question. I suppose that it is always a good idea to get SSH keys if they are there. Although, without read access to that .ssh directory, one wouldn’t know they were there. You would need to run the exploit assuming they’re there and cross your fingers. I don’t remember checking if there were keys for the root user, or if we had read access or not. I suppose I was just following the exploit’s instructions. That’s a good thing to look out for though, moving forward.

Whenever I have the opportunity for command injection during priv-esc, I typically always go for a reverse shell, then, if possible, use that shell to find keys.

Thanks again for the feedback. I want to keep making these so I appreciate the comments.

Wonderful write-up. I really appreciate your work on this. Thanks for explaining the exploit a bit further. Much respected.
Post more write-ups.