Thank you for everything. I have been watching you since the Popcorn video, at that time I didn’t know nothing about what you are doing, it just the terminal and your voice that got me excited to watch. Now with a basic knowledge & a proper google account, I can spend hours after hours rewatching your videos. I have hug respect for you man!
@Jonsn0w Gaming about 4 years ago I didn’t have an account. I just watched YT without signing in. I was really kind of noob back then, just know basic stuff about computer, but I do love when someone working on a terminal, and ippsec is the one who I decided to watch.
@Jonsn0w Gaming At first I really interested in hacking, because of the movie “The Matrix”. But at that time I just thought hacking was like open a terminal and type. When I watch his Popcorn walkthrough, I did ask my uncle and he said it’s legit the linux command he was typing. So I keep watching his videos, until now I decided to jump into info sec. Tough start but really happy when I can finally understand and learn from him.
Thanks for the great explanation. Looks like those '403 forbiddens' in gobuster were because of some blacklist keywords like 'conf' and their appearances: 'wp-config', 'conf', 'confirmation' and etc ...
After 4and+ months away from my kali&computers in general, there is NO other BETTER WAY of getting back and watching 1 of your walkthroughs! Outstanding video as usual, excellent explanation of the SELinux stuff! Absolutely OWSOME!!! Better than an orgasm! 😂👌🏿👍🏿🤣👏🏿👏🏿
Thinking back to your video about OMIGod and auditd, seems like SELinux would be great in terms of limiting some of the actions that auditd only records. Thanks for the video
I'm really not a fan at the "targeted learning", or all the people that try to build the "perfect workflow". The amount of information you can get out of SNMP is endless, it's better to just understand the basics of how it works and go with the flow. In this case it was along the lines of "I really wish i knew some HTML Directories... lets grep our notes and hope for the best". A course would say the information could be in there, and you'd feel good completing a lab to say yes i got this information out of snmp before. However, a year or two down the line you forget all about it and its worthless. It's the difference between learning how to fish, and learning how to catch catfish. One is more versatile and will work in a large number of places... Whereas the other is fish and probably location dependent.
I think the issue with ssh keys not working was either an selinux flag missing from /home/michelle/.ssh or due to the permissions on /home/michelle/.ssh not being 0700 / too open. Testing with the mode shown (0775) denies access when logging into a test system.
Snmpwalk wasn’t showing me the seeddms when I was first working this box but the Perl script of snmpbw did. I still can’t figure out why. I wonder if anyone else had the same issue. Anyway, thanks for the video!
Hello ippsec, I’d like to buy a laptop mostly to do things like you do. I have a budget of around 2k, what would be a viable laptop and what specs should I mostly look for? And what kind of laptop do you use?
I'm enjoying your videos a lot! It has really helped me speed up my learning process and I'm loving it! How can I donate? I'd love to buy you a coffee 😁
Thank you for everything. I have been watching you since the Popcorn video, at that time I didn’t know nothing about what you are doing, it just the terminal and your voice that got me excited to watch. Now with a basic knowledge & a proper google account, I can spend hours after hours rewatching your videos. I have hug respect for you man!
@Jonsn0w Gaming about 4 years ago I didn’t have an account. I just watched YT without signing in. I was really kind of noob back then, just know basic stuff about computer, but I do love when someone working on a terminal, and ippsec is the one who I decided to watch.
@Jonsn0w Gaming English is not my native language, sorry if I make any misunderstanding
@Jonsn0w Gaming At first I really interested in hacking, because of the movie “The Matrix”. But at that time I just thought hacking was like open a terminal and type. When I watch his Popcorn walkthrough, I did ask my uncle and he said it’s legit the linux command he was typing. So I keep watching his videos, until now I decided to jump into info sec. Tough start but really happy when I can finally understand and learn from him.
Thanks for the comment! Glad you enjoy the videos
Been going down too many rabbit holes recently on HTB machines. Creators are being more devious - or just more lucky!
Thanks for the great explanation.
Looks like those '403 forbiddens' in gobuster were because of some blacklist keywords like 'conf' and their appearances: 'wp-config', 'conf', 'confirmation' and etc ...
After 4and+ months away from my kali&computers in general, there is NO other BETTER WAY of getting back and watching 1 of your walkthroughs! Outstanding video as usual, excellent explanation of the SELinux stuff! Absolutely OWSOME!!! Better than an orgasm! 😂👌🏿👍🏿🤣👏🏿👏🏿
Thinking back to your video about OMIGod and auditd, seems like SELinux would be great in terms of limiting some of the actions that auditd only records. Thanks for the video
Please never stop with the video making!
Please make a detailed video on SNMP enumeration :) Great video as always!!
I'm really not a fan at the "targeted learning", or all the people that try to build the "perfect workflow". The amount of information you can get out of SNMP is endless, it's better to just understand the basics of how it works and go with the flow. In this case it was along the lines of "I really wish i knew some HTML Directories... lets grep our notes and hope for the best".
A course would say the information could be in there, and you'd feel good completing a lab to say yes i got this information out of snmp before. However, a year or two down the line you forget all about it and its worthless. It's the difference between learning how to fish, and learning how to catch catfish. One is more versatile and will work in a large number of places... Whereas the other is fish and probably location dependent.
@@ippsec Yes, understood what you want to convey. Thanks for pointing me in right direction.
Woot what a class about selinux!!! Thanks a lot!!!
I think the issue with ssh keys not working was either an selinux flag missing from /home/michelle/.ssh or due to the permissions on /home/michelle/.ssh not being 0700 / too open.
Testing with the mode shown (0775) denies access when logging into a test system.
20:09 maybe you should have tried -z range,0-30 ?
Thanks!
Snmpwalk wasn’t showing me the seeddms when I was first working this box but the Perl script of snmpbw did. I still can’t figure out why. I wonder if anyone else had the same issue.
Anyway, thanks for the video!
You may need the period at the end to crawl all
@@ippsec Oh yea, I just reviewed my notes and saw that I was in fact missing the period. Thanks! Not good enough recon after all
I had the same issue. I was missing the .1 ;(
omg it was the . :'''(
same
@IppSec May I know what are u using i mean vmware or virtualbox or dualboot ?
Your VM has the hostname of omigod still.. Not a big deal, but maybe change so the viewers dont get confused?
Was sqlmap not attempted because any injection vulnerability would have already been documented in searchsploit?
Really good box!
TY!
Good job! Thx!
ssh key did not work as ~michelle/.ssh was group writeable...
Thanks I always fuck up with the perms there
Ippsec sir! So cute.
loved ur video before i even opened it..
@IppSec why are we running snmpwalk 2nd time at 50:52
The reply to comment by Bernd Eckenfels.
Thanks❤️
Thanks for all the comments! A few more months and you'll have been watching for two years.
Hello ippsec, I’d like to buy a laptop mostly to do things like you do. I have a budget of around 2k, what would be a viable laptop and what specs should I mostly look for? And what kind of laptop do you use?
I haven’t used a laptop in a year, and that laptop is 7+years. I’m not the one that can answer this, sorry
@@ippsec alright, thank you.
I'm enjoying your videos a lot! It has really helped me speed up my learning process and I'm loving it!
How can I donate? I'd love to buy you a coffee 😁
using htaccess for seeddms doesn't feel right. are they only support appache and ctf author manually installed on nginx or lazy devs left a hole?
Please do a UA-cam live on hack the box machine♥️
Why you created list with just 4 random strings as your bruteforcing list?
This case is lucky as here the username matches with the password.
It was demoing a relatively successful way to bruteforce. Make it easy on yourself so if you find other usernames, can quickly try it.
Instead of snmpwalk to retrigger within 5mins, use snmpget with the oid instead
I show that at the end of the video
came here from lucid
probably for the first time ippsec disclosed a flag , lmao
First comment
already rooted
Great video...❤️ Thank you...😌