Please make more vd for advanced techniques red team and pivoting
solid reversing, I went the lazy strings binary route 😆
There’s a part that I don’t think it makes sense. In your Perl example, you’ve specified the pipe character in the path of the file “TheFile” whose content will be executed. However, this wasn’t the case against the target in which you’ve injected your command in the file name without touching the content of the image. In the latter case, the file content was not executed as was the case in the former Perl example. I would appreciate your clarification on this.
Thanks for the video!
So in the demo I showcase Perl executing a command when opening a file. Exiftool has to open files to read the metadata. I put the RCE as the filename so when exiftool went to open the file it executed the command instead.
Great video as always. I notice you do some blue team stuff on occasions, it would be really interesting to see some stuff on Windows logs, particularly on tracking activity from a user from login to logout if you have anything cool to show.
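The behaviour discussed in the exchange above, as an added example that is not from the video or from either commenter: Perl's legacy 2-argument open takes its mode from the string it is given, so a name ending in a pipe is run as a command, while the 3-argument form treats the same string as a literal path. The sample name and the sub names are constructed for illustration, and the command is a harmless echo.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: a "filename" that ends in a pipe character.
# No file with this name exists; the command is a harmless echo.
my $name = 'echo this-ran-as-a-command |';

# Legacy 2-argument open: Perl parses the mode out of the string itself.
# A trailing '|' means "run this as a command and read its output",
# so the name is executed and no file content is involved at all.
sub read_two_arg {
    my ($path) = @_;
    open(my $fh, $path) or return "open failed: $!\n";
    my $line = <$fh>;
    close($fh);
    return defined $line ? $line : "(no output)\n";
}

# 3-argument open: the mode is fixed to '<' by the caller, so the string
# is only ever treated as a literal path. Here the open fails because
# there is no file with that name, and nothing is executed.
sub read_three_arg {
    my ($path) = @_;
    open(my $fh, '<', $path) or return "open failed: $!\n";
    my $line = <$fh>;
    close($fh);
    return defined $line ? $line : "(empty file)\n";
}

print "2-arg open: ", read_two_arg($name);
print "3-arg open: ", read_three_arg($name);
```

The difference between the two calls is why the file's content never matters here: the command lives in the name, and only the open mode decides whether it is interpreted.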
Epic
dunno where we would be without you
I can't digest that 1 dislike.
Wow, I spent so much time on that initial foothold! I made it work without the '/' by using php -r exec(base64_decode(EXPLOIT_B64)). Even there I had problems executing /bin/sh and /bin/bash. I'm impressed with the mv .sh .html thing to reverse shell move. ggs
Great walkthrough
differing 404 pages would suggest Apache/NGINX is a reverse proxy in front some other server like Python Flask or something, right?
Awesome Walkthrough IPPSEC, Thanks for showing your methodology for the log analysis and password extraction. I was waiting for your video till Investigation retired. When I did the box, I had to manually search special characters using VS code which was daunting. Thanks once again.
Thanks
Push!
The letters giving information appear very small, please increase the size of the words
Hey ippsec....❤
Thanks for the videos. I am having a problem viewing gobuster output, I tried less, vim, even nano, but I keep seeing those weird coloring symbols. How can I view it correctly??
Use less with -R
Pass it to less, and then pass it to more. This will give you more of less
@kariminal2999 Thanks man