this is not magic, this is talent and sweat
Damn! Last week, a 2-hour. Then a 3-hour, now almost FOUR HOURS!!!!
But it's like a thriller movie, once you start the video you can't stop watching.
One of the hardest boxes I have seen. A wake up call to improve my pwn skills
Ippsec should do a video explaining buffer overflows :)
I would highly recommend LiveOverflow's series on it, the beginning videos are really basic, but he does a really great job of covering everything needed.
Just read Corelan exploit writing series and you are literally done in Windows's memory corruption, just use your head after that and you are ready.
@@nyxkrage I started the BOF module on the HTB academy, got confused and someone recommended LiveOverflow's series. Have only gone through half of it but managed to finish the module and now I can actually understand what Ippsec is doing :)
I wonder what's his actual job in real life. He has knowledge about everything ranging from Active Directories to Binary Exploitation......
Probably a mail man and does some Uber on the side
@@DM-qm5sc lmao
He actually works for HackTheBox. Before that he also worked as a sysadmin and in an interview he says ‘I don't consider myself a Red Teamer by trade. I've spent way more time on the blue team side of things building and defending networks’.
27:05 "if this video's not like 3 hours long like the last one"
*Cue **_Curb Your Enthusiasm_** theme*
Omg. 3h long. Amazing!
Keep up the good work!
Phew, Rope was my nightmare. But I got my first badge on HTB because of this!
very ippsecish as usual.. thanks a lot for the long explanation.. I was waiting for this for a long time
I keep thinking that you should have twice the amount of subs tbh...this channel is pure gold, thanks for sharing
Until Yesterday I was stuck at a point after exploiting the format string vuln, getting into the system what should I be doing next! Glad you explained further 👏👏👏
I was watching this, and thinking "how does this guy know so much about netsec and binary exploitation?"
And then I saw your programming.
What programming you talking about ?
You are the best by far💗. And you sound soo good.
What if we all realized one day that you were an artificial intelligence created for pentesting purpose and not actually a human. But great 👍 video as always..
with that repetitive start in all videos, I wouldn't be surprised.. can take some time to run, so I have already ran it..looking at the results.. you know the rest
When rope2 ipp?🙄
i think It'll be a 20 hours video😂
wappalyzer is good for identifying technologies btw , and in gef u can use the scroll wheel when highlighting an address to use it if you want to break, other than that great vid.
This box is a beast!
A 4 HOUR VIDEO!!! WOooowwww
"i don't like reading Javascript" - Ippsec 2020
None of us like reading JS :')
I like your videos so much !!!
One day I will solve this box alone.
Masterpiece!
You are my mentor, thank you!
At last! :)
thank you!
Thanks for another amazing video! Could you do a vid where you explain how you taught yourself all these things you do on videos? University? Alone by practicing? Thanks
25:30 on the left bottom corner it says what version it runs, if you want to change it, just click it
Hey ! Anybody getting this error or how to solve this ?
elf = ELF("./httpserver" , checksec=False)
TypeError: __init__() got an unexpected keyword argument 'checksec'
Installed github.com/arthaud/python3-pwntools rather than github.com/Gallopsled/pwntools?
In vscode you can comment with 'Ctrl+/'. That should help you comment faster.
By the way it's Visual Studio *Code*, not just Visual Studio (that's a different product)
Hey Ipp! Why did the RCE initially return o/p as root for the whoami/id command when the httpserver was actually running as the user John? BTW, Kudos for your great videos !!
I’m actually not sure. Most likely related to how it’s being run. For example the dash in “su -” is saying load the new environment. So if root does like “su -u john -c httpserver”, it wouldn’t load a new environment and keep root's variables, while having the token of the low priv user
At that point of time, He is exploiting httpserver binary, which is running on his local machine, So it returned as root
Great. But this is first rly hard for me. I feel totally noob in that methods (Ghidra etc.)
38:00 you did it from libx32 and at the bottom there was lib32, just a little detail (1:09:00 nevermind)
hey can you do some tryhackme difficult boxes
see u in 4 hours
Hope you enjoy it! And hopefully it makes more sense after you watched patents last week 😃
hey keep going :D
Me after 2 years of node.js: 2:42
59:30 you were inside of dash (at least i think so, that's what i saw) (1:16:00)
41:36 you can do f"{value:x}" instead of f"{hex(value)}"
pyformat.info/
How do you "search up" in the Linux terminal, like search up to curl, and then page down, when running LinEnum.sh?
Watch his tmux video, i believe he covers it there
Tmux:
Control b + [
Starts: 4:30PM
Ends: 3AM
Had a few meetings during recording :) Think i mentioned it but had CCDC to prep for.
Can you give us the name of plugin you used with gdb
GEF, It's in the prompt of GDB :)
Thank you so much
It became way too much.
Any recommendations on how to keep up? I'm noob in binary exploitation.
He mentioned his bitterman walkthrough + patents.
@@b3twiise853 Thank you!
OMG the last video was 3 hs and this one is almost 4, afraid of the next video!
They’ll probably be easier boxes for a bit. These were some of the hardest on HtB
13:40 was it a mistake?
No idea - It's not in the recording I uploaded. Guessing youtube dropped some frames during encoding for some reason and it defaulted to the first frame.
@@ippsec I see. Now that I have a chance I need to say that I have learned so much from your tricks. Especially the "stty raw -echo" was neat when you are working with netcat terminal but unfortunately it didn't work for me.... ~terminal freezes~ lool.
1:24:25 "it is a CCDC weekend" - what's a CCDC weekend?
Collegiate Cyber Defense Competition - College CTF where they have to defend a network from red teamers who volunteer.
With ir with out you karaokes
I have the biggest man crush on you. And i had to let you know today.
dejardins
Longest video to date! Thanks for all the great content! Really been working on binary exploitation and reverse engineering. Cheers!
Hackback is a good 30 mins longer, so not quite
Is there any box this hard in oscp?
No
@@ippsec Thank you. this box gave me pause.
@ippsec hello sir may I know what is your rank in htb?
Why does the thumbnail pop up randomly at 13:39? Was there a spoiler?
Probably the encoder goofed up. Edited: Looked at the video I uploaded, thumbnail doesn't pop up so probably YT's encoder or something.
great