Another good video. Just one small detail (whbich is not widely know and many people confuse that) - the least significant 3 bits in the DAC permisions are not setting what "all" users can do. It sets what "others" can do. The difference is that "others" means all users that are not part of the group that is owning this file and are not the owner of this file. if the file is owned by user:user and its permissions are set to 007, all users except the user "user" (and all users is "user" group) could open the file. "user" being owner of a file can chmod it so it's not useful but this technique can be used to give access to all users except those who are in one particular group by doing: chown :particulargroup file; chmod g-rwx file So those permissions should actually be read in opposite order - first user permissions, if you are not the owner of the file, group permissions apply, if you are not in a group, others permissions apply.
I believe windows now comes with openssh already installed, so putty isn't needed anymore. You can open powershell and type "ssh" then hit enter to test. If you get something telling you about ssh "usage" you have ssh on your system
I recommend people getting 'git bash' to ssh in, you can use this as a linux terminal on windows so has lots of functionality outside of ssh ing into things alone
Exploit-exercises.com is down, any chance you can upload the "exploit-exercises-protostar-2.iso" file? I'd really like to test my skills before 14'th of october.
I have been watching all your videos and have to say it .You have by far the best explanations and methods used , I have ever seen . Keep up the good work .
If you're on virtual box and don't know why putty doesn't work go to settings -> network -> adapter1 -> change attached to: to Host-only Adapter, and then restart protostar you will then have the correct IP for PuttY
You can also just use Bash on Windows, it has ssh package preinstalled. I feel Bash on Windows works better than PuTTY, it also has scp and other goodies ready for use in the same terminal. A lot of manufactures gives unlockable bootloader, which let you get root on Android without exploiting a vulnerability, but yea, an universal root will need an exploit.
What font (name, size, etc) are you using in putty? It looks so much better than the default. Have you changed any of the other default putty settings?
Hi! I was watching the video, but while i tried to download the different programs, different problems rose: 1-Protostar is now substitued by Phoenix. Is it the same? 2-I have windows 10, but i practice with your videos with Ubuntu on a VM. Where do i have to download programs? These are the problems that i had in the first 3 minutes of the video, so if other things are explained later, i haven't see them yet. Thanks for the support.
sorry to bother with a probably dumb question, but i don't what to do to solve this. When i'm trying to boot the iso, it stops on this error: udevd-work[155]: '/sbin/modprobe -bv pci:' unexpected exit with status 0x0009 I'm using Virtual Box. I'll be glad for any help.
Thanks for the video but I am stuck at the most begin :( When I boot the iso in Hyper-V, I get only lo adapter, no eth0... I changed the network adapter of VM but no help. In /etc/network/interfaces, I see only lo, tried to add eth0 then restart network service but gives error "No such device".
I know this video is kinda old, but i have a problem with setting up the Protostar. I've been trying on every OS named in the video, but when I try to connect to the Protostar it says the connection is timed out. Any idea why? :-) Thank you in advance.
I used Oracle VirtualBox. I Changed the network to bridged but now its says "network error connection refused". what now? sorry if it is a stupid question...
i had the same problem, and looked at the answer that +LiveOverflow gave you, and then opened the maschine again and the ip changed, so i had to reconfigure the Putty settings for the protostar to the new ip, and then it worked. I'm pretty sure you already solved it since I'm 5 months late, but if someone else had this problem, I am glad to help :)
Hey man, you're awesome you teach me so much, you are a crack, but i have a question, you connect the windows with vmware, and i'm working on debian with virtualbox and putty doesn't connect with ssh with the protostar, is necesary make that on vmware?
are you sure you have an ssh server running on your debian? The VM I'm using has it already installed. Also you should check your network configuration, if the VM is even accessible to you
+LiveOverfllow So would developers, who are afraid of getting their code reversed, be better off writing software that can only be run as root? So you can't attach debugger... Or am I missing something? (about the very last part of your video)
No. The owner of the pc can also run as root and debug it. It’s just a special car where the user has only unprivileged access. If a developer doesn’t want to get reverse engineered, then no application must be distributed to the client. For example do everything on a server.
6:00 I use phoenix instead of protostar because it's recommended by the exploit.education site, but... /opt/phoenix/amd64/stack-zero isn't root anymore? the ps aux command shows phoenix+ instead of root
If someone has ssh issues - you can check this : unix.stackexchange.com/questions/272442/i-cannnot-connect-to-guest-osprotostar-through-ssh-from-host-pc-linux-mint
Thanks for the video but I am stuck at the most begin :( When I boot the iso in Hyper-V, I get only lo adapter, no eth0... I changed the network adapter of VM but no help. In /etc/network/interfaces, I see only lo, tried to add eth0 then restart network service but gives error "No such device".
Another good video. Just one small detail (whbich is not widely know and many people confuse that) - the least significant 3 bits in the DAC permisions are not setting what "all" users can do. It sets what "others" can do. The difference is that "others" means all users that are not part of the group that is owning this file and are not the owner of this file. if the file is owned by user:user and its permissions are set to 007, all users except the user "user" (and all users is "user" group) could open the file. "user" being owner of a file can chmod it so it's not useful but this technique can be used to give access to all users except those who are in one particular group by doing: chown :particulargroup file; chmod g-rwx file
So those permissions should actually be read in opposite order - first user permissions, if you are not the owner of the file, group permissions apply, if you are not in a group, others permissions apply.
+Krzysztof Adamski Thanks for picking apart what I say! I hope people read your comment
He protecc,
He attacc,
But most importantly,
He smash that stacc
@psychopath ima end this mans whole career
I love these vids. I've learned so much since I discovered this channel 3 days ago :)
very happy to hear that! :)
pls dont stop u are my man, grüße ;)
how are you now?
6:07 excitement level
Yes
Thanks for all your help! I am 90th/2000 on my first CTF! :)
Nice dude
I believe windows now comes with openssh already installed, so putty isn't needed anymore. You can open powershell and type "ssh" then hit enter to test. If you get something telling you about ssh "usage" you have ssh on your system
For me, hacking conveys a spirit to be open and convey knowledge. Nice
I recommend people getting 'git bash' to ssh in, you can use this as a linux terminal on windows so has lots of functionality outside of ssh ing into things alone
Exploit-exercises.com is down, any chance you can upload the "exploit-exercises-protostar-2.iso" file? I'd really like to test my skills before 14'th of october.
Zum Verlieben! "We don't want to be excluding like so many other parts of our society. ..."
I spent 3 hours trying to understand your 9 min video. You are just amazing.
I have been watching all your videos and have to say it .You have by far the best explanations and methods used , I have ever seen . Keep up the good work .
here's the new link for PROTOSTAR::
www.vulnhub.com/entry/exploit-exercises-protostar-v2,32/
How would I set this up in a 64bit Linux machine(x84)? I currently have no access to windows and am new to all these things. Thanks in advance.
If you're on virtual box and don't know why putty doesn't work go to settings -> network -> adapter1 -> change attached to: to Host-only Adapter, and then restart protostar you will then have the correct IP for PuttY
THANK YOU
GODSENT COMMENT
4 + 2 +1 = 7
4(R) + 2(W) + 1(X) = 7 (RWX)
777 = RWX(Owner) RWX(Group) RWX(World)
Bit flags:
S = SetUID (either 0, 1, 2)
T = Sticky
Meh that was random, enjoy.
You can also just use Bash on Windows, it has ssh package preinstalled.
I feel Bash on Windows works better than PuTTY, it also has scp and other goodies ready for use in the same terminal.
A lot of manufactures gives unlockable bootloader, which let you get root on Android without exploiting a vulnerability, but yea, an universal root will need an exploit.
are there any risks of running vulnerable vms in bridged mode?
What font (name, size, etc) are you using in putty? It looks so much better than the default. Have you changed any of the other default putty settings?
Just discovered your channel man, love your videos, good shit!
"Well on those real devices, like IOS, it's really fucking complicated.."
Hi! I was watching the video, but while i tried to download the different programs, different problems rose:
1-Protostar is now substitued by Phoenix. Is it the same?
2-I have windows 10, but i practice with your videos with Ubuntu on a VM. Where do i have to download programs?
These are the problems that i had in the first 3 minutes of the video, so if other things are explained later, i haven't see them yet. Thanks for the support.
Protostar is the last one listed
@@arandomstranger6954 Yeah, i make it. Thanks.
sorry to bother with a probably dumb question, but i don't what to do to solve this. When i'm trying to boot the iso, it stops on this error:
udevd-work[155]: '/sbin/modprobe -bv pci:'
unexpected exit with status 0x0009
I'm using Virtual Box. I'll be glad for any help.
Thanks for the video but I am stuck at the most begin :( When I boot the iso in Hyper-V, I get only lo adapter, no eth0... I changed the network adapter of VM but no help. In /etc/network/interfaces, I see only lo, tried to add eth0 then restart network service but gives error "No such device".
There's an interesting channel with that name stacksmashing
very good explanation. subscribed
Are you from Germany? Your accent sounds very german :-D
Nope
Yes they are from germany
perfect explanation dude
is there anyway to run a compiled c program self - coded in that protostar?
06:07 when you watch him always success in the video, and you keep failing for every single time you try it
I know this video is kinda old, but i have a problem with setting up the Protostar. I've been trying on every OS named in the video, but when I try to connect to the Protostar it says the connection is timed out. Any idea why? :-) Thank you in advance.
me too
+dvir dvir sounds like network is not properly setup. Try different network VM settings like bridged etc.
I used Oracle VirtualBox. I Changed the network to bridged but now its says "network error connection refused".
what now?
sorry if it is a stupid question...
i had the same problem, and looked at the answer that +LiveOverflow gave you, and then opened the maschine again and the ip changed, so i had to reconfigure the Putty settings for the protostar to the new ip, and then it worked. I'm pretty sure you already solved it since I'm 5 months late, but if someone else had this problem, I am glad to help :)
great video as usual
kool vid, when is the next one out!?
+mylampdatabases in like ~3 days
i love you LiveOverflow
Hey man, you're awesome you teach me so much, you are a crack, but i have a question, you connect the windows with vmware, and i'm working on debian with virtualbox and putty doesn't connect with ssh with the protostar, is necesary make that on vmware?
are you sure you have an ssh server running on your debian? The VM I'm using has it already installed.
Also you should check your network configuration, if the VM is even accessible to you
I'm gonna check that, thanks. Man i have a proposal that you can interested, can i told you for private?
See your DM's man ;).
@@Odsification Honestly this should comment should be pinned :). Thanks a ton.
If you are using VirtualBox make sure to port forward!
instead of bridge mode?
7:50 foreshadowing lmao
Protostar is basically metasploitable 2 but for reverse engineering
1:05 the site seems to have changed nowadays. How can I follow this tutorial?
ah! it turns out moved to exploit.education :D
"Except on Android and IOS the process is fucking complicated" You really emphasized it lol
"What the fuck" ~ LiveOverFlow
It seems that the exploit exercise servers cannot be accessed anymore.... Can anybody plz help me....I don't know where to find them....
www.vulnhub.com/entry/exploit-exercises-protostar-v2,32/
Thank
Help it says ssh: connect to host 192.168.1.255 port 22: Network is unreachable
I have figured it out. I was reading the wrong ip
Cool, you used to curse a lot in the past...
he had to tone it down for more viewers and more ad money i guess
Nice
oww man, the smashing stack paper uses AT&T syntax
It seems the exploit exercises website has expired, where can I get the WM?
www.vulnhub.com/entry/exploit-exercises-protostar-v2,32/
"what the fuck" with German accent
and unfortunately exploit-exercises.com is not reacheble:(
it's now exploit.education
u r the best youtuber coz of u r way of explaining i have a hunch that u can be the best teacher in the world
Note: you can login with root and you will be able to use tab completion and all that good stuff
LOGIN -- root
PASSWORD -- godmode
Aleph1
+LiveOverfllow So would developers, who are afraid of getting their code reversed, be better off writing software that can only be run as root? So you can't attach debugger... Or am I missing something? (about the very last part of your video)
No. The owner of the pc can also run as root and debug it. It’s just a special car where the user has only unprivileged access.
If a developer doesn’t want to get reverse engineered, then no application must be distributed to the client. For example do everything on a server.
6:00
I use phoenix instead of protostar because it's recommended by the exploit.education site, but...
/opt/phoenix/amd64/stack-zero isn't root anymore? the ps aux command shows phoenix+ instead of root
6:44
ah! it turs out the owner of the stack-zero file isn't root in my case XD
it's phoenix-amd64-stack-zero
If someone has ssh issues - you can check this : unix.stackexchange.com/questions/272442/i-cannnot-connect-to-guest-osprotostar-through-ssh-from-host-pc-linux-mint
Thanks for the video but I am stuck at the most begin :( When I boot the iso in Hyper-V, I get only lo adapter, no eth0... I changed the network adapter of VM but no help. In /etc/network/interfaces, I see only lo, tried to add eth0 then restart network service but gives error "No such device".