My thoughts on SHELL AFFECT Tutoring

#1

I just wanted to write a quick review about SHELL AFFECTS tutoring after going through it with @Cry0l1t3 and having learned quite a bit.
I hope this will help people judge for them self whether it’s for them or not and also maybe also the business as it totally deserves more attention!

Having not much experience in the field of Web Exploitation Cry0l1t3 offered me one of his tutorings and suggested to work through a hackthebox challenge in it as I’ve never done any of them before.
After I set up a Kali Machine for it he connected to my computer with a screen sharing service so we can work together within the VM where I logged into a VPN connection he provided so I was able to access the box he prepared.

At first he let me do what I thought would be a good start at enumerating the system to see what I already knew and then showed me some more advanced approaches while explaining why they were better and what I might have missed with mine.
Next he taught me some general methodology to keep in mind, things I should avoid doing and what was possible to do with the initial information we gathered especially because I wasn’t familiar with how DNS Servers work and what one can do with them.
Cry0l1t3 took over and taught me about some general tools for working with the server and how to extract information out of it, after which he gave me about 5 minutes to further read into what information the DNS protocol can provide and how to use some tools to interact with them to lead me into finding information relevant for the challenges myself.
The questions that came up for were answered by him afterwards and using the newly gathered information we found a hidden admin login page which I guessed needed some SQL Injection to go through. I tried some injections myself but after none of them showed any response Cry0l1t3 guided me to figuring out what I did wrong and how the vulnerable code probably looks like.
The next step was a page that allowed shell command injection which I used to inject a reverse-shell and connect back the me, while my approach worked in itself Cry0l1t3 showed me some resources
that listed more efficient methods of doing it and also some tricks on how to interact with it way more clean from my console.

Having a shell was enough to find the user.txt file but to get the root file privilege escalation was necessary which I had absolutely no knowledge or experience about.
So the rest of the tutoring was mainly being guided through it and getting recommended resources that listed commands and things to try out and read later.
After some more explanation of what information was necessary and how to get it, how the available services worked, what might be usable to get higher privileges and also hints on what folders to look intoI finally found the part of the box that was exploitable and used it to read out the root.txt!

The whole experience was a lot of fun, very interesting and I learned (as you might have read here) quite a lot about using DNS Servers, better ways of creating reverse shells and privilege escalation in general!
Also the resources I was given to (and the approaches of how to find further) were really interesting to read and especially the cheat sheet lists I was shown will hopefully be really useful in the future as well.

I really recommend it, even more to everyone interesting learning about a new topic or those that feel like they need some help to advance further, I’m sure everyone can learn going through it.

Thank you @Cry0l1t3 for the help and good luck to your business, I really hope this helps to make more people consider reaching out to you ! :slight_smile:

7 Likes

#2

Thank you very much for this awesome review @Leeky! I appreciate it!

3 Likes

#3

Woah this looks great good review.

1 Like