Cyber Mayhem Blue Team Gameplay: Process Monitoring with Snoopy (LD_Preload)

Subscribers: 46,300
Video Link: https://www.youtube.com/watch?v=gH_q0zRcPuI



Duration: 1:27:20
41,838 views


00:00 - Intro
01:00 - Explaining what LD_PRELOAD is
08:48 - Compiling and installing Snoopy
11:10 - Inspecting how Snoopy is installed, so we can make our own install script without compiling
13:08 - Checking auth.log after Snoopy is installed to see it working!
15:30 - Creating a Snoopy installer script on our Parrot machine
20:40 - Showing Snoopy won't capture everything by using Python to access a file in two different ways
22:06 - Reverting our machine, so we can test our install script
28:00 - In the Hacking Battlegrounds lobby!
29:30 - Installing Snoopy on all four of our castles
30:20 - Showing tmux magic - Using synchronize-panes to send our keystrokes to all panes
31:55 - TROLL: Renaming nano to vi and vi to nano on one of the boxes for lulz
33:10 - Using a watch command across all our terminals to look for a reverse shell
35:05 - Checking out the first box because of the Java process, and seeing if Snoopy sees activity
36:20 - Starting a tcpdump across all of our machines with nohup so it goes in the background
37:40 - Found a shell on the second box! Let's take a look!
38:20 - TROLL: Python PTY found, let's send a message whenever people use pty.py
40:40 - Using Snoopy to snitch on the health checks to find out why they are failing
43:30 - Using find to list files modified recently
46:40 - Editing the sudoers file to keep him from privesc'ing
51:00 - TROLL: He deleted our pcap! Let's break the rm command
51:50 - PRIVESC: Found a cronjob, trolling myself trying to remove it
52:20 - Let's review Snoopy to see what PID edited the crontab, then check what else happened
58:40 - Someone is on the third box! Let's take a look. Seeing he grabbed the flag directly from Apache. Putting a fun patch in
1:03:30 - Going back to the second box, someone accessed a flag; using auth.log to show us an upload script
1:04:27 - The user is using the PHP system() command to manipulate a shell. Disabling the system() command in PHP
1:06:10 - Grepping flag.txt in auth.log to see how the user privesc'd... Used script instead of a Python PTY to establish a PTY
1:10:00 - Verifying system() is disabled by checking the PHP error log
1:16:30 - Grabbing a PCAP to show we can do IR based upon pcap data as well

Tags:
hack the box
hackthebox
hacking
cybersecurity
infosec
pentesting
hacking battlegrounds
cyber mayhem
blue team
red team
attack defense
gaming



Other Statistics

Snoopy Statistics For Hack The Box

There are 41,838 views in 1 video for Snoopy. About an hour's worth of Snoopy videos were uploaded to his channel, or 1.22% of the total watchable video on Hack The Box's YouTube channel.