HackTheBox - Mango

  • Published 4 Dec 2024

COMMENTS • 64

  • @kiriappeee 4 years ago +19

    I actually found myself clapping at the privilege escalation at the end. Don't ever stop what you are doing IppSec. It's amazing educational content.

  • @yannickpeter8607 4 years ago +10

    For me the regex part was pure magic. I went full ScriptKiddy and used a working script back in the day i solved the box but never really understood what it does until now. Was waiting for that video for so long. Thank you Sir!

    • @MKVD 4 years ago

      Same lol, feels wrong that it was so easy with the script :D

    • @4kwah 4 years ago

      I am wondering from where you got that script?

  • @you-wuzi 4 years ago +2

    Watching this in 1.75x is like watching a thriller...you're amazing ippsec

  • @xxanonymous6578 3 years ago

    The minute I saw SQLmap in the preview I knew it was gonna be a good one.
    Thanks for the video Mr.Ippsec.

  • @ulissemini5492 4 years ago +31

    21:35 you scared me there for a second

    • @CodeXND 4 years ago +5

      and at /.ssh

  • @silverstar9644 4 years ago

    Woah i was thinking about analytics.php all the time
    Great Video

  • @j3r3miasmg 1 year ago +1

    Two cents:
    1 - string.printable
    2 - for loops in Python have an else condition that is called if a break is not called

  • @Guysudai1 4 years ago +3

    About the for loop:
    I usually do ```for i in range(ord("!"), ord("~") + 1)``` so it's clearer what's going on and I'm not missing any ascii characters :P

  • @danilas2206 4 years ago

    Awesome! It's really cool! Thx for writeup!

  • @bloodline211 4 years ago +9

    How exactly do you find out if it's running a mongoDB in the backend other than just looking at the mangos and thinking 'mango, mongo hmmm..' - cuz in a real life situation you'd need to somehow find out what's in the backend.

    • @medoangel8370 4 years ago +2

      Through nmap that's the first thing he did

    • @csmole1231 4 years ago

      @medoangel8370 ? but but the nmap said the http-title is mango, still the fruit, not the database...(did i miss anything?)
      (not to mention http-title can be edited by web dev i guess? they can say for example "banana protocol" but that doesn't mean it's really following banana protocol) (weird example i made but you get the idea :D)

    • @csmole1231 4 years ago

      @medoangel8370 i was deceived at first as well! then got so confused why ippsec know it's a mongodb hence nosql but still using sql injection😂loooool

    • @csmole1231 4 years ago +1

      i checked the htb forum they all say stuff like "the name of the box is a big hint"🤪
      idk
      maybe in real life you just try both...?🤣

  • @henrikbjerrenielsen4125 4 years ago +1

    a small hint: use jss with the -scripting argument then you can use $EXEC() tnx for a great video!

  • @nonope449 4 years ago +1

    Python has a strings module that has useful subsets of the ASCII characters

  • @4kwah 4 years ago +2

    This is great, I am already stuck working on the machine now 😀

  • @nicoswd 4 years ago +19

    import re;
    re.escape(str)
    should also do the trick instead of manually escaping special regex characters

    • @steps0x029a 3 years ago

      Nice hint, thanks! I found that an asterisk character as part of the password leads to false positive matches. Has anyone found a solution for that?

  • @zackadzky2265 3 years ago +1

    i like your cut G

  • @lumenknotty6355 1 year ago

    Thank you!

  • @Haxr-dq6wt 4 years ago +1

    So now we have the machine name and the pics of the mango that indicates that the server is using Mongo-DB
    In real life scenario, how would you discover that the site is using No-Sql DB and how would you discover that there is sql injection in it???

  • @kydo2540 4 years ago +1

    So I didn't catch the hint that this was supposed to lead me to mangoDB, how can I identify this in the future without a hint? Just trial and error?

  • @arvin4348 4 years ago

    amazing bro nice job man

  • @allurbase 4 years ago +6

    :facepalm: I somehow found github/MangoDevelopers and went down a rabbit hole from there, scraping webpages and trying to build a keywords dictionary with mango related words. kill me now.

  • @westernvibes1267 4 years ago

    Ipp, is pentesterlab good for learning web exploitations? Or is there any other good resources. Am pretty weak on web stuffs thinking to practice some more advanced stuffs..like chaining exploits together and waf evasion stuffs.

  • @notargb 4 years ago +1

    Hi ^^, I'm wondering: Why do you use "$ nmap -sC -sV" instead of "$ nmap -A"?
    Greetings, and thank you a lot for your content.

  • @evildead7845 4 years ago

    Hey Everyone, Can you tell me blog sites like medium(12:40) for hacking/pentesting purpose ofc?

  • @lazarvukasinovic4878 4 years ago

    which desktop environment are you using ?

  • @adrien8768 4 years ago

    I love this vidéos

  • @YOUNES-ep8vs 4 years ago

    love you bro !!

  • @sakettestsakettest8009 4 years ago +1

    Was easy box,but was bit of ctf like at the login time.

    • @kushalrahatkar4568 3 years ago

      can you please explain me what he did at the login? how did he find out what to do there?

  • @Splixy 4 years ago

    What keyboard are you using?

  • @monzerabas2433 4 years ago

    U are the best

  • @4kwah 4 years ago

    I am wondering why the machine is still listed under Active machines at this moment!

    • @shubhamgurav634 4 years ago +1

      You can work on that machine for 2 days after retirement

    • @4kwah 4 years ago

      Shubham Gurav thanks for clarification!

    • @mohammadabdussamad2258 4 years ago

      @shubhamgurav634 two days? I thought it will be until the next box gets retired

  • @aminhatami3928 4 years ago

    Tnk u.

  • @mikeefpv 4 years ago

    nice

  • @cantfinddave 4 years ago

    When you add an IP, host and alias to etc/hosts, why do you do that? I tried googling but can't find an answer. It only explains how to do it.

    • @Thrawen 4 years ago +6

      Some http servers have "virtual host routing" essentially that means it will serve you different resources based on the "Host" header in the request. In this case it did not serve the page with the ip as hostname but it did with the hostname found in the ssl cert.
      by adding it to /etc/hosts you can easily just send a request with that host header. alternatively you could just manipulate the header in burp but that will get annoying fast.

    • @cantfinddave 4 years ago

      Awesome thank you

  • @spacenomad5484 3 years ago

    21:15 Is mongodb regex broken? .* matches any amount of characters, including zero, as shown by egrep and sed:
    $ echo -n "admin" | egrep -o "admin.*" | sed -e 's/admin.*/still_a_match/g'
    So why does mongodb not match? Even egrep and sed agree, which is rare for me.
    Also, if some regex magician reads this... Why do I need to escape every damn "control character" in sed?
    echo -n "adminn" | sed -e 's/^ad\(mi[n]\+\)$/\1/g'

  • @tm_manju 4 years ago +3

    Hi @IppSec,
    Thank You for this Awesome Script for extracting MongoDB Data. Could you please comment here on how to learn / which modules are essential for a Penetration Tester in Python in learning the Python Script Automation like this. I am waiting for your valuable response.

  • @michaelyadidya8742 4 years ago

    when are you releasing your own box on htb? 😎😎😎

  • @cimihan4816 4 years ago

    hy how do you copy text or smth in tmux??

    • @zacksargent 4 years ago

      superuser.com/questions/196060/selecting-text-in-tmux-copy-mode

    • @cimihan4816 4 years ago

      @Kanchho Chhoro a hora XD

  • @BlackHermit 4 years ago +1

    re.escape!

  • @youssefbenyahia9448 4 years ago

    August left Chris in America. Can you get the flag and reunite them? a crypto challenge in hackthebox plzzz help me

  • @lawaace1056 4 years ago

    Cmon man hahahaha , you are a legend , seeing you disappoints me as a noob lol

  • @aharonmo4188 4 years ago

    :)

  • @raffaeleriddle 4 years ago

    They should allow new subscribers to pentest also retired machines..

    • @ippsec 4 years ago

      Then people would just keep creating accounts, it's only ~10 for a month of full access.

    • @raffaeleriddle 4 years ago

      @ippsec Then they should allow everyone to pentest retired machines, just with no credit, only for academic and practical purposes, It'd be a profitable learning method. Thanks for answering btw.

  • @humanflybzzz4568 4 years ago +1

    Yeah Python did not work for me, had to write a bash script :) as always, It's a great learning exp. to see pros do it after you've stumbled around like a drunken a**hole.

  • @k5tggiv6ubmmb3as9 4 years ago

    first