"a lot of you will be disappointed".
That can't happen mate. Your videos are a library of knowledge, no matter the length
Very much agree - shows to show how easy things can be exploited at some points. Also last week your video was ~2.5 hours, so I hope ppl will cut you some slack
True
Ah, classic IppSec! "...read the full article, I always like doing", then he forgets to put additional "t" at the end of "User-Agent" header to trigger the backdoor! Please IppSec, never change!😂🥰👍❤️
Did this one today and finally understood why I couldn’t SSH in the machine even though I had the private key. Thanks for the video!
This box was a bit harder on release, since the only blog post on the PHP vuln was in Chinese and knife wasn't in GTFObins yet
But luckily for me, sb had left some ruby code in the user dir, otherwise good luck
I'm thinking that the insane box took longer than anticipated and he had to do a fast easy box to still have a video for us.
Still, as always, awesome content!
Thanks for making this walkthrough. I'm sad I couldn't pwn this machine by myself without having to watch the first 3 minutes and 40 seconds of your video. I legit got scared by the "Knife has been Pwned!" sound effect as this is the first HTB machine "I" pwned lol
I may take an hour or more to complete this challenge, but you are absolutely a legend. 👏👏🙏
I passed oscp because of your videos! Thank you so much for your content!
well done! mine is in a week, definitely these videos are in my top3 resources.
@socat9311 the other two? :)
great!
Please tell me, what level of machines does the OSCP have? Compared with HTB boxes.. 🙂
My first HTB machine! Thank you, now time to try a live machine:)
Great explanation! This box took me an entire day but learned a lot 😅
short and to the point is good. Even managed to squeeze in more useful general things not specific to this box.
Holy crap 12 minutes?!??! this box took me 2 hours Ippsecc!!! D:
Waiting for Monday's video! 🤩
Dude, i just love u ❤️
When did knife get put in gtfo bins because it wasn't there when I did the box and the only blogs were in bloody Japanese.
thanks for the walkthrough!
Good job 🎉
Short and long are always good - no problem here :)
Hello, I can't put port 80 for netcat
It is written "address already in use"
Can you help me? Thanks 7:40
ippsec ❤️✌️
Does anyone know why bash -c was used before bash -i? I can't understand that part. The usual bash reverse shells only mention bash -i
The /dev/tcp/ thing is a bash thing, if the shell is sh, dash, etc. it won't work. So putting bash -c ensures that it's running bash before sending the shell.
You are a legend.
Hello ippsec, I am new to HTB. I want to set up tmux like you, but its PS1 does not look like normal bash. I searched everywhere but found nothing. Give me some ideas
CompTIA Network+ vs CCNA for hacking, what do you prefer?
Those two things are not the same at all and neither of them helps you specifically with hacking. Your question makes no sense. Get them both.......
@mo938 thanks for the suggestion
For hacking? Sign up to hackthebox if you haven’t done so already
OSCP.
surprise video being another ropetwo section? 👀
Haha Nope that is not it.
@ippsec awh, was hoping to finally see how to get user :P
Had to double check time length.
interesting, i didn't know knife/chef existed
To be honest, both vulnerabilities were kind of unknown when the box dropped, it was more difficult to get the right information for the exploits and I remember reading a lot about chef to see what I could do to pop a system shell
Same here, I had to read a lot about chef to get root. Gtfobins didn't have anything about knife yet, at that time.
Don’t need to read a lot about it when you can see on the help page that the exec parameter can run Ruby scripts and get a root shell via there lol. Definitely a very easy box
shortest ippsec video ever?
Which distro do u use?
Parrot OS based on PwnBox which HTB uses
How are you doing ipp?
At 11:00 can someone explain to me why this worked? I understand that my public key has to be in "authorized_keys" of the machine in order to connect to it. But how did his public key get in this file in the first place, when he never connected to the machine with SSH beforehand?
He copies id_rsa (private key of the "james" user) to his local machine, then moves the public key of "james" on the victim box into the authorized_keys directory. It has nothing to do with *his* key, he's using the public and private key of "james" to get in.
@CmpEaxZer0 Okay that makes sense, thanks!
❤️👌
wow, that was a short one
Real question is, how on earth do you even merge that into the language??
Maybe you can go a little fast next time on the last half :(
Bro why don't you create a discord server
I don't like spending more than 10-15 minutes in chatrooms a day.
First time I did this machine, it didn't have posts and exploits, at most some articles in Japanese
Is this the worst HTB machine? I'd vote either this one or Mirai, you learn basically nothing from doing them other than "how to Google for stuff"
Oddly enough, learning how to google stuff is by far the most important thing in infosec.