Book write-up by rub1ks

Hey there,

This is meant to be an in-depth walkthrough of the hack. I try to cover not just WHAT but how you might have found it, and how and why it works. If you hacked Book and were left wondering, this should hopefully clear it up!
Check it out:

https://medium.com/@apipia92/book-write-up-6864dca9489d

Cheers!

rub1ks
Find me on Discord: rub1ks #4045

Comments

  • > This is meant to be an in-depth walkthrough of the hack. I try to cover not just WHAT but how you might have found it, and how and why it works. If you hacked Book and were left wondering, this should hopefully clear it up!

    Love to see it, thank you! Quality stuff.

    PromeDNS

  • @rub1ks said:
    > Hey there,
    >
    > This is meant to be an in-depth walkthrough of the hack. I try to cover not just WHAT but how you might have found it, and how and why it works. If you hacked Book and were left wondering, this should hopefully clear it up!
    > Check it out:
    >
    > https://medium.com/@apipia92/book-write-up-6864dca9489d
    >
    > Cheers!

    Haven't read the document yet, don't want to ruin my fun. I will, though.

    I really appreciate you addressing the 'why'. The tutorials that lead people into a straight path to the goal have their place, but I like your vision a hell of a lot more.

    It's one thing to show 'this is how you do this one thing', it's another thing to actually teach people about the mindset they need to acquire.

    Thanks for taking the time writing it down and raising the bar for walkthroughs. We need more of these. Thanks man.
  • edited July 15

    @rub1ks said:
    > Hey there,
    >
    > This is meant to be an in-depth walkthrough of the hack. I try to cover not just WHAT but how you might have found it, and how and why it works. If you hacked Book and were left wondering, this should hopefully clear it up!
    > Check it out:
    >
    > https://medium.com/@apipia92/book-write-up-6864dca9489d
    >
    > Cheers!

    Excellent write-up - really appreciate you sharing it. As @gnothiseauton has said, it is raising the bar quite a bit.

    One comment though, is there a reason you went for a reverse shell rather than grabbing the root SSH keys?

    (edited to correct a typo!)

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited July 15

    @gnothiseauton
    @jxPhreak
    Thanks for all the great feedback!
    @TazWake
    That's a great question. I suppose that it is always a good idea to get SSH keys if they are there. Although, without read access to that .ssh directory, one wouldn't know they were there. You would need to run the exploit assuming they're there and cross your fingers. I don't remember checking if there were keys for the root user, or if we had read access or not. I suppose I was just following the exploit's instructions. That's a good thing to look out for though, moving forward.

    Whenever I have the opportunity for command injection during priv-esc, I typically always go for a reverse shell, then, if possible, use that shell to find keys.

    Thanks again for the feedback. I want to keep making these so I appreciate the comments.

    rub1ks
    Find me on Discord: rub1ks #4045

  • Wonderful writeup. I really appreciate your work on this. Thanks for explaining the exploit a bit further. Much respected.
    Post more writeups.
    :)