HackTheBox - Precious

  • Published 28 Nov 2024

COMMENTS • 30

  • @B4ch4r 1 year ago +15

    I have just passed my OSCP exam thanks to your incredible videos, watched every single video on this channel and it is definitely worth every minute I have spent here. Thank u so much ippsec..❤

    • @patrickFREE. 1 year ago +1

      Amazing, you live my dream! How often did you learn?

    • @B4ch4r 1 year ago +3

      I have finished the OSCP in about 1 month as I have done about 12-14 hours a day, but finished the penetration tester path in the HTB Academy before starting the OSCP, which helped me massively. Definitely recommend studying the penetration tester path as it goes into much more detail than OSCP.

    • @mrobvious6112 1 year ago

      @B4ch4r Seriously 12 to 14 hours..? a day..?
      You have that strong mindset, or discipline you want to call it, and you be grinding hard for hours in a month lmao

  • @Ms.Robot. 1 year ago +5

    THE LEGEND HAS SPOKEN‼️

  • @AUBCodeII 1 year ago +13

    My precious

  • @UmairAli 1 year ago +2

    Awesome stuff, looking forward to getting more videos on command injection.

  • @RachelWilliamsL 1 year ago

    First HTB I managed to get user on without any walkthrough or hints. Very interesting to see how a pro approached it. Thanks for all the amazing content.

  • @kalidsherefuddin 1 year ago

    Thanks everyone for this course

  • @silenthacker2667 1 year ago +2

    Thanks man, your content is so good, I love it.....

  • @neadlead2621 1 year ago

    Hey ippsec, thanks for the video. I have a question: when you googled the Ruby YAML deserialization, how did you think about that in the first place?

    • @ippsec 1 year ago +1

      YAML Deserialization is pretty common. When untrusted input gets into things that can be turned into objects, deserialization is a common attack path.

  • @0xold 1 year ago

    Awesome work man! Regarding the $-, I don't think it is a junk variable in your example. $- is a special parameter that expands to the current options or flags set for the shell.

  • @yousseftarek7296 1 year ago

    OK, I know that de-serialization is the concept of returning an object from one shape to another. Why do you think this will help here?

  • @kazhiroma9736 1 year ago

    I have a question. When you run the nmap and find port 22 open and see the keys, are those useful for anything? Are they public keys of the server?

    • @ippsec 1 year ago

      Yes, public keys of the server, just used to prevent man-in-the-middle attacks. Your computer saves them to the known hosts file and if it’s different your computer alerts you. They can’t just be copied as it doesn’t send the private key.

    • @kazhiroma9736 1 year ago

      @ippsec thanks man

  • @-bubby9633 1 year ago

    Just wanted to point out that the reason the payload at 9:15 didn't work is because the "&" in the payload weren't properly URL-encoded, meaning they were acting as parameter terminators. If the & were encoded properly, and the final $IFS had some sort of terminator character after it so that the 0 wouldn't be seen as part of the ENV name, it's possible the reverse shell would have worked fine.

  • @tiagocoelho2306 1 year ago

    For some reason that I didn't find yet, my netcat is not listening and if I insert my IP in the input box, it starts loading for a long time but nothing happens. I'm following all the steps executed by IppSec but nothing happens. Does someone know what it might be?

  • @lubu42 1 year ago +1

    "Nice, simple, easy box!"
    Hahaha yeah...that was so simple... >.>

  • @sand3epyadav 1 year ago

    My heart ippsec.. I am a red teamer, but when we listen to purple teamer ...wawoo

  • @Pouya.. 1 year ago

    It would be lovely if you do the boxes from the start with no knowledge of another channel then we can also learn how to face real challenges like the IFS problem here

  • @StevenHokins 1 year ago

    Awesome video ❤

  • @AZANSHAHID 1 year ago

    15:45 can't you just use base64 encode form in combo with $IFS or ${IFS}?

  • @FjellapeHns 1 year ago +1

    I love you

  • @tg7943 1 year ago

    Push!

  • @fabiorj2008 1 year ago +1

    Second !!

  • @FMisi 1 year ago

    Easypeasy

  • @someyounggamer 1 year ago

    First!