HackTheBox - TwoMillion

  • Published 21 Jan 2025

COMMENTS • 72

  • @Agr0dan
    @Agr0dan 1 year ago +38

    I’m glad you said you had trouble solving the invite code back in the day because so did I lol

  • @ITSecurityLabs
    @ITSecurityLabs 1 year ago +15

    I am not the only one who had to look up the invite code! Great box, brings back memories for sure

  • @Myk4my
    @Myk4my 1 year ago +4

    This was one of the best videos you made. I love seeing your methodology and problem-solving techniques in the face of the unknown, it gives me the strength to keep learning.
    Do more like this, please!

  • @joyemoticon
    @joyemoticon 1 year ago +19

    The invite code thing is like looking at something you wrote when you were in high school. You remember that it really broke your brain when you did it initially, but all the experience you have gotten since then has made it beyond trivial.

  • @arenmanukyan8527
    @arenmanukyan8527 1 year ago +63

    I really don't understand how this machine is considered "Easy", and I'm terrified what will the "Medium" ones be...

    • @waybetter4462
      @waybetter4462 10 months ago +12

      Welcome to the Hackthebox community!❤😅

  • @deesick_
    @deesick_ 10 months ago +5

    This box is so intimidating. If this is considered easy then I'm scared of what's to come

  • @cloudliving447
    @cloudliving447 1 year ago +2

    this is a different level of amazing watching, after solving this - still learned a lot

  • @lool7922
    @lool7922 1 year ago +3

    Great work - waiting for the next one

  • @souleymaneadellah1176
    @souleymaneadellah1176 1 year ago +7

    An ippsec vid on a Wednesday? This feels like when GoT episodes get leaked 😂

  • @dailyversesforgod
    @dailyversesforgod 1 year ago +4

    Do you go through the boxes before filming or are you just naturally talented? :) great video as always

  • @lindacupples3381
    @lindacupples3381 1 year ago +2

    Hey Ippsec, I have a question regarding the regex in remove_special_characters. I have seen this regex used in many web applications, some as a part of ID sanitisation in dynamic queries. I got the impression from your video that it'd be possible to bypass this regex. Would it be possible to comment on it further? It might even be a good separate video. Thanks

  • @techtimefly
    @techtimefly 9 months ago +2

    Using JS-Beautify 1.15.1 and CyberChef, both seem to fail to deobfuscate the JavaScript min.js file

    • @colmcarroll3413
      @colmcarroll3413 8 months ago

      I had the same issue but ChatGPT worked for me

    • @DeonDatDeal
      @DeonDatDeal 7 days ago

      for me too did you ever figure this out???

    • @PPHY_GLND
      @PPHY_GLND 7 days ago

      @DeonDatDeal on js-beautify options make sure "Detect packers and obfuscators? (unsafe)" is selected as well as "Space before conditional..."

  • @herc
    @herc 1 year ago +4

    I saw this machine getting released on HTB, now it's no longer present. Is it only for you to show us your approach to solving machine or?

  • @papacanfly5639
    @papacanfly5639 9 months ago +1

    Any idea where he uploaded the next part of the video "Beyond Root- Adding overlay FS"?

  • @jojobobbubble5688
    @jojobobbubble5688 1 year ago +1

    I love everything about this and can't wait for you to complete the cliffhanger!

    • @ippsec
      @ippsec 1 year ago +3

      It will be slightly longer than I expected, it's a lot more complicated than I expected. But I'll certainly put something out there as soon as I can. You can see I created an issue on the Linux Exploit Suggester repo :)

  • @patrickFREE.
    @patrickFREE. 1 year ago

    So do you use PUT every time, if you want to update something?

  • @joaobeja2076
    @joaobeja2076 11 months ago

    I didn't understand why we would need to add the hostname to the hosts file? And how do we get to that conclusion by entering the website and getting the not found result? (I started HTB a few weeks ago, I'm still a noob, can someone explain it to me?)

    • @ippsec
      @ippsec 11 months ago +1

      When doing these types of CTFs there is no DNS server. Some websites do virtual host routing, which makes DNS important. Editing the hosts file mimics having a DNS server. I don’t remember how this box leaked the hostname but I’m sure if you watch from nmap, it’s probably around there. Normally it’s SSL certificates.

    • @joaobeja2076
      @joaobeja2076 11 months ago

      It was from nmap!
      Thanks for the help !!

  • @CyberCrusader-l3g
    @CyberCrusader-l3g 1 year ago

    Hey man, do you know why I get "Server Not Found" when I try to load up the site on that machine?

  • @solcloud
    @solcloud 1 year ago +1

    Nicely done, thank you 👍

  • @dharanisanjaiy
    @dharanisanjaiy 1 year ago +3

    I really missed "We have alreadyyyy rannnn itt "

  • @rutherford5872
    @rutherford5872 1 year ago

    How do you display your own IP in your terminal prompt? Please let me know

  • @leakim4975
    @leakim4975 1 year ago +1

    Do you have more videos of solving boxes without previous experience with them?

    • @ippsec
      @ippsec 1 year ago

      Some of the Easy ones back in like 2021 probably. There was a time when I did them more blind, but I started reviewing boxes before they went live to players, so it's hard to do a true blind playthrough.

    • @leakim4975
      @leakim4975 1 year ago

      @ippsec Ok thanks. Love your content and I'm always learning something new from every video! Keep doing your thing!

  • @gee5889
    @gee5889 1 year ago +1

    Which computer and software do you use?

  • @Simply_facts...-----382
    @Simply_facts...-----382 1 year ago

    Sir, I am a free user of Hack The Box and I can't get the virtual machine in my Windows for a longer time. Is there any other option to get a virtual machine for free in my Windows to work on the machines in Hack The Box, sir?

  • @255py8
    @255py8 1 year ago

    first time seeing that kracken
    what is it? a custom machine made by you or a new server to crack hashes?

    • @ippsec
      @ippsec 1 year ago

      It's just a box I have on my network.

  • @ruthlozanorodriguez207
    @ruthlozanorodriguez207 1 year ago +1

    Is it possible that you will solve the soccer box without using sqlmap? I've been really struggling with it, plus I think it's a really interesting machine. Regards from Spain :)

    • @ippsec
      @ippsec 1 year ago

      Nope I’ll use sqlmap. There are videos where I do Boolean injection without it

    • @ruthlozanorodriguez207
      @ruthlozanorodriguez207 1 year ago

      @ippsec Okay! Thanks either way for all the content you give us ☺

  • @james_nt
    @james_nt 9 months ago

    How to copy text from tmux and paste it outside tmux?

    • @james_nt
      @james_nt 9 months ago

      For now my discovery is to use Shift and select the text I want to copy and right click to paste it. Wonder, how do you purely use commands :)

    • @DeadDinosaur
      @DeadDinosaur 4 months ago

      tmux-yank plugin will do the trick!

  • @pabloalfaro2595
    @pabloalfaro2595 1 year ago

    Do you prefer feroxbuster or gobuster?

  • @rockedwow7217
    @rockedwow7217 1 year ago

    why do we need a header? and why should the header be a cookie?

    • @ippsec
      @ippsec 1 year ago

      Helps if you put a timestamp of where your question is. I don't know exactly what you are asking

    • @rockedwow7217
      @rockedwow7217 1 year ago

      @ippsec Sorry about that. The timestamp is 17:17

    • @ne5i_
      @ne5i_ 1 year ago

      It’s because it’s an authenticated endpoint - you need the Cookie header for an authenticated session

  • @amieemaya9472
    @amieemaya9472 1 year ago +2

    Wow thank u

  • @Ms.Robot.
    @Ms.Robot. 1 year ago

    Oh no, my calendar must be two days off‼️😅

  • @stanislavsmetanin1307
    @stanislavsmetanin1307 1 year ago

    Bravo maestro)))

  • @daniyalhassan9672
    @daniyalhassan9672 1 year ago

    The ssh kracken command does not give output as in the video; instead it gives "failed to resolve hostname or Service". Can anyone help me with this?

    • @ippsec
      @ippsec 1 year ago

      Kracken is a box on my network, you can run hashcat on your computer

  • @fpvpdu
    @fpvpdu 4 months ago

    11:10
    Fun fact: you can't check "Remember me" on this box 😆

  • @Macj707
    @Macj707 10 months ago

    CHEF CRISP WUZ HERE!

  • @tudasuda5501
    @tudasuda5501 1 year ago

    Thnx!

  • @tg7943
    @tg7943 1 year ago

    Push!

  • @AUBCodeII
    @AUBCodeII 1 year ago +1

    Ipp, you should create a box called "Your mom"

  • @caothanh9768
    @caothanh9768 1 year ago +1

    Oops! Go back to the old school :v

  • @FMisi
    @FMisi 1 year ago

    31:07 interesting..

  • @candyyyq
    @candyyyq 6 months ago

    Woah what is kracken??

  • @filmyguyyt
    @filmyguyyt 1 year ago

    Hi!

  • @sotecluxan4221
    @sotecluxan4221 1 year ago

    AAA!

  • @e4stark
    @e4stark 1 year ago

    mice

  • @ctf59
    @ctf59 1 year ago

    Wtf?))

  • @pauljones5620
    @pauljones5620 1 year ago

    I'd like to understand more how the command injection vulnerability works.

  • @triplem3224
    @triplem3224 1 year ago

    I don't know why this box is rated as "Easy" it's pretty far from it