1
00:00:00,420 --> 00:00:02,700
Welcome to the last machine in this course

2
00:00:02,700 --> 00:00:10,290
before we get to the capstone challenge. So this box is called Blaster, and Blaster is actually a remake

3
00:00:10,290 --> 00:00:19,470
of another box on TryHackMe called Retro. Now Retro had a privilege escalation of this CVE-2019-1388,

4
00:00:19,470 --> 00:00:24,690
which we're going to talk about in a second, but it was very, very difficult

5
00:00:24,690 --> 00:00:25,460
to escalate.

6
00:00:25,470 --> 00:00:31,410
There were just issues; you had to trigger it just in the right way, and there were other escalation paths

7
00:00:31,410 --> 00:00:36,630
on that machine that allowed you to elevate without having to worry about this particular exploit.

8
00:00:36,630 --> 00:00:42,480
Now one day I was on stream doing a walkthrough of Retro, and the creator happened to be there, and I

9
00:00:42,480 --> 00:00:46,830
said, man, I'm making this course and I would really love to have CVE-2019-1388

10
00:00:46,830 --> 00:00:48,160
in the course.

11
00:00:48,180 --> 00:00:50,190
And he said, I got you.

12
00:00:50,190 --> 00:00:51,770
And he created Blaster for me.

13
00:00:51,780 --> 00:00:55,190
So a big shout out to him for creating this.

14
00:00:55,200 --> 00:00:57,390
And on top of it they made it free.

15
00:00:57,420 --> 00:00:59,240
So you don't have to pay for this room.

16
00:00:59,250 --> 00:01:05,220
So shout out to DarkStar7471 for doing this and TryHackMe for being an awesome platform

17
00:01:05,220 --> 00:01:07,050
and just allowing this to happen.

18
00:01:07,110 --> 00:01:13,890
So we're going to utilize Blaster. Blaster is a very CTF-like box, and you're going to see why here once

19
00:01:13,890 --> 00:01:14,880
we get into it.

20
00:01:14,940 --> 00:01:21,720
So go ahead and join the room, start your machine, and get your Nmap scans started while you're doing

21
00:01:21,720 --> 00:01:27,740
that, and make sure also that you use -Pn because this is not a pingable machine.

22
00:01:27,780 --> 00:01:29,520
So make sure you scan with -Pn.

23
00:01:29,650 --> 00:01:35,880
Now while you're doing that, let's go ahead and discuss briefly what CVE-2019-1388 is, and we'll

24
00:01:35,880 --> 00:01:38,130
start here with this GitHub version of it.

25
00:01:38,130 --> 00:01:40,810
Now this is in another language.

26
00:01:40,950 --> 00:01:49,920
But basically, when you go out and you try to access a web page and you get an error, you have to accept

27
00:01:49,920 --> 00:01:51,330
the certificate.

28
00:01:51,330 --> 00:02:00,870
Now the certificate in this CVE was allowing for Windows to elevate privileges, that we could use

29
00:02:00,900 --> 00:02:06,690
this vulnerability to escalate via this Windows certificate dialog because it was not properly enforcing

30
00:02:06,690 --> 00:02:08,040
the user privileges.

31
00:02:08,070 --> 00:02:10,080
So you're going to see how that works.

32
00:02:10,110 --> 00:02:14,940
You're welcome to view this little footage here, or there's actually a really decent walkthrough by Zero

33
00:02:14,940 --> 00:02:20,140
Day Initiative on YouTube that you can watch as well and see how it functions fully.

34
00:02:20,160 --> 00:02:22,940
Now you can go ahead and give this box a try.

35
00:02:22,950 --> 00:02:24,780
You should be able to do it on your own.

36
00:02:25,200 --> 00:02:29,820
So give it a go, even try the escalation on your own if you want, and you should be able to watch this

37
00:02:29,820 --> 00:02:31,070
video and escalate.

38
00:02:31,290 --> 00:02:35,160
But we'll walk through the box here in the next few videos, so I'll see you in the next video when we

39
00:02:35,160 --> 00:02:37,500
talk about how we gain a foothold on this machine.
