HackTheBox - Pit

Поділитися
Вставка
  • Опубліковано 4 гру 2024

КОМЕНТАРІ • 52

  • @900dm4n
    @900dm4n 3 роки тому +13

    Thank you for everything. I have been watching you since the Popcorn video, at that time I didn’t know nothing about what you are doing, it just the terminal and your voice that got me excited to watch. Now with a basic knowledge & a proper google account, I can spend hours after hours rewatching your videos. I have hug respect for you man!

    • @900dm4n
      @900dm4n 3 роки тому

      @Jonsn0w Gaming about 4 years ago I didn’t have an account. I just watched YT without signing in. I was really kind of noob back then, just know basic stuff about computer, but I do love when someone working on a terminal, and ippsec is the one who I decided to watch.

    • @900dm4n
      @900dm4n 3 роки тому

      @Jonsn0w Gaming English is not my native language, sorry if I make any misunderstanding

    • @900dm4n
      @900dm4n 3 роки тому

      @Jonsn0w Gaming At first I really interested in hacking, because of the movie “The Matrix”. But at that time I just thought hacking was like open a terminal and type. When I watch his Popcorn walkthrough, I did ask my uncle and he said it’s legit the linux command he was typing. So I keep watching his videos, until now I decided to jump into info sec. Tough start but really happy when I can finally understand and learn from him.

    • @ippsec
      @ippsec  3 роки тому +7

      Thanks for the comment! Glad you enjoy the videos

  • @arthurwestcott5437
    @arthurwestcott5437 3 роки тому +2

    Been going down too many rabbit holes recently on HTB machines. Creators are being more devious - or just more lucky!

  • @kouroshrajabzadeh4176
    @kouroshrajabzadeh4176 3 роки тому +1

    Thanks for the great explanation.
    Looks like those '403 forbiddens' in gobuster were because of some blacklist keywords like 'conf' and their appearances: 'wp-config', 'conf', 'confirmation' and etc ...

  • @azelbane87
    @azelbane87 3 роки тому +1

    After 4and+ months away from my kali&computers in general, there is NO other BETTER WAY of getting back and watching 1 of your walkthroughs! Outstanding video as usual, excellent explanation of the SELinux stuff! Absolutely OWSOME!!! Better than an orgasm! 😂👌🏿👍🏿🤣👏🏿👏🏿

  • @buhaytza2005
    @buhaytza2005 3 роки тому +2

    Thinking back to your video about OMIGod and auditd, seems like SELinux would be great in terms of limiting some of the actions that auditd only records. Thanks for the video

  • @WithoutRemorce
    @WithoutRemorce 3 роки тому

    Please never stop with the video making!

  • @x.plorer
    @x.plorer 3 роки тому +8

    Please make a detailed video on SNMP enumeration :) Great video as always!!

    • @ippsec
      @ippsec  3 роки тому +18

      I'm really not a fan at the "targeted learning", or all the people that try to build the "perfect workflow". The amount of information you can get out of SNMP is endless, it's better to just understand the basics of how it works and go with the flow. In this case it was along the lines of "I really wish i knew some HTML Directories... lets grep our notes and hope for the best".
      A course would say the information could be in there, and you'd feel good completing a lab to say yes i got this information out of snmp before. However, a year or two down the line you forget all about it and its worthless. It's the difference between learning how to fish, and learning how to catch catfish. One is more versatile and will work in a large number of places... Whereas the other is fish and probably location dependent.

    • @x.plorer
      @x.plorer 3 роки тому

      @@ippsec Yes, understood what you want to convey. Thanks for pointing me in right direction.

  • @julianopl
    @julianopl 3 роки тому

    Woot what a class about selinux!!! Thanks a lot!!!

  • @cpb42
    @cpb42 2 роки тому

    I think the issue with ssh keys not working was either an selinux flag missing from /home/michelle/.ssh or due to the permissions on /home/michelle/.ssh not being 0700 / too open.
    Testing with the mode shown (0775) denies access when logging into a test system.

  • @George-pv1lq
    @George-pv1lq 3 роки тому +1

    20:09 maybe you should have tried -z range,0-30 ?

  • @susnoname
    @susnoname 2 роки тому

    Thanks!

  • @hadrian3689
    @hadrian3689 3 роки тому +3

    Snmpwalk wasn’t showing me the seeddms when I was first working this box but the Perl script of snmpbw did. I still can’t figure out why. I wonder if anyone else had the same issue.
    Anyway, thanks for the video!

    • @ippsec
      @ippsec  3 роки тому +6

      You may need the period at the end to crawl all

    • @hadrian3689
      @hadrian3689 3 роки тому +1

      @@ippsec Oh yea, I just reviewed my notes and saw that I was in fact missing the period. Thanks! Not good enough recon after all

    • @maxrand6611
      @maxrand6611 3 роки тому

      I had the same issue. I was missing the .1 ;(

    • @protito
      @protito 3 роки тому

      omg it was the . :'''(

    • @djawedbenahmed208
      @djawedbenahmed208 3 роки тому

      same

  • @lalithkumar2687
    @lalithkumar2687 3 роки тому

    @IppSec May I know what are u using i mean vmware or virtualbox or dualboot ?

  • @marsanmarsipan
    @marsanmarsipan 3 роки тому +2

    Your VM has the hostname of omigod still.. Not a big deal, but maybe change so the viewers dont get confused?

  • @thilosavage
    @thilosavage 2 роки тому

    Was sqlmap not attempted because any injection vulnerability would have already been documented in searchsploit?

  • @pepemunic3661
    @pepemunic3661 3 роки тому

    Really good box!
    TY!

  • @lllep84
    @lllep84 3 роки тому

    Good job! Thx!

  • @xking18
    @xking18 3 роки тому +1

    ssh key did not work as ~michelle/.ssh was group writeable...

    • @ippsec
      @ippsec  3 роки тому

      Thanks I always fuck up with the perms there

  • @sand3epyadav
    @sand3epyadav 3 роки тому

    Ippsec sir! So cute.

  • @davehans9262
    @davehans9262 3 роки тому

    loved ur video before i even opened it..

  • @tharuneshwarv1582
    @tharuneshwarv1582 3 роки тому

    @IppSec why are we running snmpwalk 2nd time at 50:52

  • @Ms.Robot.
    @Ms.Robot. 3 роки тому

    Thanks❤️

    • @ippsec
      @ippsec  3 роки тому

      Thanks for all the comments! A few more months and you'll have been watching for two years.

  • @InfectedKnife
    @InfectedKnife 3 роки тому

    Hello ippsec, I’d like to buy a laptop mostly to do things like you do. I have a budget of around 2k, what would be a viable laptop and what specs should I mostly look for? And what kind of laptop do you use?

    • @ippsec
      @ippsec  3 роки тому +1

      I haven’t used a laptop in a year, and that laptop is 7+years. I’m not the one that can answer this, sorry

    • @InfectedKnife
      @InfectedKnife 3 роки тому

      @@ippsec alright, thank you.

  • @ericka.montanez6821
    @ericka.montanez6821 3 роки тому +1

    I'm enjoying your videos a lot! It has really helped me speed up my learning process and I'm loving it!
    How can I donate? I'd love to buy you a coffee 😁

  • @passerby184
    @passerby184 3 роки тому

    using htaccess for seeddms doesn't feel right. are they only support appache and ctf author manually installed on nginx or lazy devs left a hole?

  • @sahal9236
    @sahal9236 3 роки тому

    Please do a UA-cam live on hack the box machine♥️

  • @aaryanbhagat4852
    @aaryanbhagat4852 3 роки тому

    Why you created list with just 4 random strings as your bruteforcing list?
    This case is lucky as here the username matches with the password.

    • @ippsec
      @ippsec  3 роки тому +1

      It was demoing a relatively successful way to bruteforce. Make it easy on yourself so if you find other usernames, can quickly try it.

  • @berndeckenfels
    @berndeckenfels 3 роки тому

    Instead of snmpwalk to retrigger within 5mins, use snmpget with the oid instead

    • @ippsec
      @ippsec  3 роки тому +1

      I show that at the end of the video

  • @luf832
    @luf832 3 роки тому

    came here from lucid

  • @subh0x
    @subh0x 3 роки тому

    probably for the first time ippsec disclosed a flag , lmao

  • @mounir7320
    @mounir7320 3 роки тому

    First comment

  • @Penguin-org
    @Penguin-org 3 роки тому

    already rooted

  • @yamunaudayanthi3266
    @yamunaudayanthi3266 3 роки тому

    Great video...❤️ Thank you...😌