0xskywalker

About

Username
0xskywalker
Joined
Visits
164
Last Active
Roles
Member

Activity

  • scottrainville

    Hi there, I saw you were offering help on Onetwoseven and I could use some help.

    I'm attempting the APT exploit for privesc and am metaphorically banging my head on a wall, I wanted to see if I was even attempting the right methodology:

    It seems to me that this is the exploit I must perform: https://justi.cz/security/2019/01/22/apt-rce.html

    However, it only tells me 60% of what I need to know to replicate. I'm trying to do exactly what the article did as a proof-of-concept by installing the package and running MITMproxy to serve a fake redirect pointing APT to my own update file instead of the real .deb file.

    Problem is, I'm having massive difficulty using/learning mitmproxy. I also don't understand how to plant the malicious update package; do I just generate my own .deb file from scratch? Or do I embed something into a .gpg file?

    Do you recommend a different approach? Any resources would be very appreciated. Or am I barely even on the right path?

    Thanks in advance.

    June 25
  • 0xskywalker changed their profile picture.
    Thumbnail
    June 17
Avatar

Howdy, Stranger!

Click here to create an account.