I read walk-throughs either when I get stuck for a while or after the challenge, and your videos explain better + I get more tips on other tools/techniques.
This will be my way moving forward: starting point box -> walk-through -> your video
tyty 💜
Since making this video, new machines have been added to the Tier 1 Starting Point, here's those videos:
Responder: ua-cam.com/video/R8GOLiKIA1k/v-deo.html
Bike: ua-cam.com/video/_JUakU4qGug/v-deo.html
Tq
Explained very clearly; before, I was thinking for a long time, then I saw your video and was suddenly enlightened
awww that's great! thanks mate 🥰
I noticed you heart almost every comment in this video, so I just wanted to say I really appreciate your content
Awww thanks mate 🥰
THANK YOU! super new yet still completed that module on HTB but didn't yet understand what was happening. Definitely subscribing!
Awesome! 🙏🥰
You make very difficult subject very approachable and fun. Thank you sir
Thank you! 🙏🥰
well taught and easy to follow these tutorials. thanks
Thank you 🙏🥰
❤️❤️❤️ really helpful, thank you 🍃❤️
Happy to help! 🥰
I learned much in this video
Perfect!! 🙏
For pennyworth I didn't get hydra to work for bruteforcing as it didn't detect the "Invalid username or password" text, but using burp suite intruder with cluster bomb attack I managed to bruteforce the jenkins credentials pretty quickly.
Congrats bro👍
thanks mate 🥰
omg i'm really overthinking this because i saw "Message signing enabled but not required" i thought it was smb relay attack so i used responder and waited for hours to get a hash but it was simply blank password? why is that? this is really frustrating!!
thanks for your content though, very helpful.
CryptoCat is the God. Bless You!
😮🙏🥰
How did you make gobuster show wordlists as you type it in the terminal? I mean you wrote gobuster dir -w /usr/share/wordlists/ and it brought you the options like api_routes.txt and dirbuster/ right in the terminal, because whenever i type gobuster dir -w /usr/share/wordlists/ it tells me that i didn't mention url, i know that u need to mention it so it works, but i don't want to lose time searching wordlists manually in filesystem and have them just like you (coming as i write the line to activate gobuster).
Time stamp is 36:00 , crocodile machine.
If you would help, it would be awesome.
If you hit the tab key it should autocomplete, so hit it twice to bring up possible options. Really saves time!
really perfect ! may I ask how did you link the folder to Github repo to get latest version of the tool ?
Thanks mate 🥰 Is this for the PayloadsAllTheThings repo? You could just clone it to the desktop but I cloned it somewhere else then just created a shortcut (symlink) to it on the Desktop. I then use a simple script to recursively update all git repos periodically (although there's numerous AUR solutions available).
@@_CryptoCat thx for reply, what I'm looking for is how to update all repos that I cloned before and stay up to date
@@S2eedGH Ah OK yep, I use a script like this: gist.github.com/douglas/1287372
I just run it every few days from my home directory and it recursively updates all the repos 😀
@@_CryptoCat Thanks for your effort man, keep going good work we learned a lot from you
@@S2eedGH Np! Great to hear, ty 🥰
Great video man! I learned a lot of new things 💙
thank you 💜
admin'# with a random password worked for me
Nice! Love the username 😉
In Pennyworth, searching for the default password seemed like a misdirection on the part of HTB. I found no such list related to jenkins. Only the file location for an "initial password" and it was not even close to what was on the list of default PWs provided by HTB.
Yeh same, I couldn't find the list they were referring to 😆
Thank you so much for your videos.
Very welcome! 🥰
Thank you very much for this video, I learned a lot
Great to hear! thanks 🥰
In the pennyworth video, you can get the version information of Jenkins by visiting /oops or /error.
This does not require a login.
nice! 🔥
if u have an error on sequel
mysql -h 10.129.60.3 -u root -p --skip-ssl
do that
what edition of parrot os should i use for the academy, is it the security or home edition?
Go with the security edition! It comes with a lot of pentesting tools. If you install the home edition it's OK too, you'll just have to install/configure more apps as you go.
Can you do an update of this video? I can't find a tut for Responder machine anywhere, it must be new cuz nobody has it on youtube. Or just a separate tut just for responder, it's after Crocodile now, not ignition. At least in my HTB it is.
Wow, that was a fast request, Responder was just released today! 😂 I'll have a video up for it at the start of next week 😉
Show how to solve the new registration method. It's been updated since all posted tuts
interesting, thanks for the tip! if it's allowed by HTB's strict walkthrough policy i'll definitely cover it 😊
@@_CryptoCat awesome
Whats subl? How do i make a file that sqlmap accepts
subl is Sublime text editor: www.sublimetext.com, but you can use any text editor. Just copy and paste the request from burp suite or firefox dev tools into your text file and pass to SQLMap with the -r flag 😉
So I have a question about two of the Academy machines that I am having trouble with. In the Getting Started and Web Request modules if I try and run a ping on the box I get nothing back. Do I need to add the entry to the etc/hosts file?
You won't need to add to the hosts file if you're accessing by IP address (not domain name). Double check your VPN connectivity; I haven't tried academy but presumably it uses a different config to HTB starting point. If you can't get it working, check the forum or discord for more help: discord.gg/hackthebox
@@_CryptoCat Yep I was able to gain access and solve the challenge
@@scwyldspirit Great! 😊
hi sorry to comment on an old video, but I spent like 3 hours trying to brute force the login page with hydra and ffuf on Pennyworth 😂, only to realize now after watching the vid, it is not possible in the traditional way. May I ask in this case if it would be possible to somehow brute force the login using another way ? Couldn't really find much online for this
Hmmm been a while since I looked at it but does this help? cloud.hacktricks.xyz/pentesting-ci-cd/jenkins-security#bruteforce
@@_CryptoCat really missed this one, I should check out hacktricks more often, many thanks
Appointment was a little bit confusing, but it was easy when i got it.
Nice job! 👊
Fast make video in tier 2......love your work......from india ❣️
What's your qualifications....?
And what you work as any company....?
How many years you had in enter security analyst ....?
Plz answer this question
thanks mate 🥰 will try and get the tier 2 done next week 😉
so many questions 😆 most of my qualifications/experience is listed on my linkedin - www.linkedin.com/in/cryptocat
I believe the question "what symbol do we use to comment out parts of the code?" is referring to bash.
I can't remember the question you are referring to but you're right, '#' is used for single-line comments in bash. It's also used for many others, e.g. python, perl, SQL 🙂
Thank you sir, your video is helping me a lot..
Unfortunately sir, I'm facing a problem
When i execute the command "nmap -p- -sV ip" it takes a lot of time, up to hours
Could be connectivity issues. If everything is OK with your network, try resetting the box and if that fails, change the VPN server (redownload connection pack).
@@_CryptoCat thank you.. my problem was solved by adding "-T4"
thanks!
Perfecttttt
thank you 🥰
nice video
ty 💜
Nice
🥰🥰🥰
Task 4 is incorrect for me..
Task 4 on which machine? 😆 Can you give me timestamp and a bit more info?
great
🙏🥰
gg
💜
No Bike machine :(
Oh damn, I missed the new machine release! When I've got some time I'll re-sub to the VIP and make a walkthrough 😅
@@_CryptoCat thx mate
why can't i access the url?
What error do you get? Check VPN connection? Reset box?
I spent an hour on submit flag and the thing was in my face
good content, but the hackthebox vpn are just so broken and they just don't work
Free or VIP? 🤔🤑
@@_CryptoCat I think it was VIP
@@tristan3006 Oh OK, maybe try changing servers (although might be only one for starting point). I've had problems with free VPN in the past, less so with VIP.
@@_CryptoCat Thx yeah there was a little problem but I tried again and it worked
unfortunately i can't connect to the mariadb.
mysql -u root -h 10.129.84.254
error message: ERROR 2002 (HY000): Can't connect to server on '10.129.84.254' (115)
i can connect to my local server with
mysql -u root
so how can i connect to the target mariadb?
Double check steps in video / official PDF walkthrough. If that fails, check the hackthebox discord and/or forum for support 😉
if you did
sudo mysql -h $IP
it would show you the version
woaw, in Appointment I just put login admin and password: aa' OR 1=1 --
nice! there's a few ways to do it 😊
I guess, they changed it again and for me it didn't work. But it works with # as comment symbol. a' or 1=1#
@@beyrin2024 Try to put a space bar after the -- and see if it works :) >a' OR 1=1 -- <
But yeah, they might have changed it! Nice workaround