that series of commands to get the list of hostnames was awesome
You made this look so easy and it took me like a day and a half of poking around until I got user. Bravo. I have much to learn.
Quick tip for gaining a quick overview of possible entries.
You can feed nmap.xml to searchsploit as long as you ran nmap with -sV
Like this:
searchsploit -v --nmap nmap.xml
man really u are my mentor hehe i get motivation daily seeing this
You have all my respect ! You are a living encyclopedia ! Thanks for your teaching !
Love your videos man! Thank you for the quality walkthroughs, I learn a lot by watching these!
I failed too at LFI thing....didn't know about that PHP filter....i need to increase my web skills, thanks for usual awesome job
Use wfuzz if you suspect anything... You'll see the payloads that you can use the paths for quick manual check ;)
I am just surprised how this machine rated as EASY in Hack the Box!
Hey ipp, thanks for all the detailed and thorough walkthroughs, amazing and insightful methods. Cheers.
hey ippsec thank you man for the videos, they are really helpful. Regarding the NSE you can use --script-timeout 2m or 20s for example to avoid the issue of a script looping.
I was raised in Watertown. One town over from you. I was always told wherever I may roam, there's no place like home. 😄 Great video. Like the new mic as well.
I am not able to get uploads/administrator1/admin pages at all. They time out, as opposed to the other ones. Maybe the box is broken? Anybody else?
Thanks very much for the awesome content mate!, it is advanced for me but I definitely learn a lot with every video. Keep it up please. Blessings.
very nice guruji
You give me peace. love you so much
As always IppSec you are so amazing keep going teacher :D
hi, can someone please explain to me why the php wrapper is necessary in the first place? why not just go straight into uploading into the smb. was the php wrapper part necessary to then know that it's possible to upload into smb?
Happy birthday from Italy. 😊
halleluya thats how you pronounce it .
thank you you tell me how to enumerate on right way!!!!
Hey ippsec, love the vids! You’re a life saver! Just curious, you always start off with the same nmap scan, what’s the benefit of having all output formats? When would you use each of the formats?
No reason not to. Grepable is nice for sed/awk. Regular nice for looking at it. XML is nice for reports
Okay thank you so much! I just always see you do those 3 options with nmap and was curious on the reason!
Awesome video! One question: why would you need to edit the Python OS module? Doesn't that run with the same permissions as the script itself?
Yes the script executes any library, so whatever permissions it has (user executing it), would be passed to the lib
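Added example, not part of the original comments or the video: a defender-side audit related to the exchange above. Because a library runs with the privileges of whichever user executes the importing script, this sketch walks a list of import directories and reports modules and directories that group or other users can modify. The function names are hypothetical, and it goes beyond os.py to cover every module on the given path.

```python
import os
import stat
import sys


def writable_by_others(path):
    """Return a reason string if group/other may modify `path`, else None."""
    try:
        st = os.lstat(path)
    except OSError:
        return None
    if stat.S_ISLNK(st.st_mode):
        return None  # symlinks skipped: their own mode bits are not meaningful
    if st.st_mode & stat.S_IWOTH:
        return "world-writable"
    if st.st_mode & stat.S_IWGRP:
        return "group-writable"
    return None


def audit_import_path(dirs):
    """Walk each import directory and list what a non-owner could change."""
    findings = []
    for base in dirs:
        if not os.path.isdir(base):
            continue
        for root, _subdirs, files in os.walk(base):
            # A writable directory lets someone replace or shadow any module in it.
            reason = writable_by_others(root)
            if reason:
                findings.append((root, reason + " directory"))
            for name in files:
                if name.endswith((".py", ".pyc", ".so")):
                    full = os.path.join(root, name)
                    reason = writable_by_others(full)
                    if reason:
                        findings.append((full, reason))
    return findings


if __name__ == "__main__":
    # Audit the interpreter's own search path, skipping the empty "current dir" entry.
    for path, reason in audit_import_path([p for p in sys.path if p]):
        print(f"{reason}: {path}")
```

Run it with the same interpreter that privileged scripts and cron jobs use, since each interpreter has its own search path.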
To fix your terminal, you could also type reset.
Why do you write stty raw -echo? What is the benefit of this command?
Why fix the NC shell when there was a perfectly good ssh session in the next tmux tab ;)
For future, the smb-enum-shares nmap script showed the paths of the shares and would have confirmed /etc/Development.
Because not many machines have SSH, so wanted to show the process of fixing it for those cases. If you always take the easiest path, you won't learn anything :)
@@ippsec Makes sense. I'm fairly new to this stuff and I always learn new things from your videos.
This box took me hours :)
Is there a way to view the paths of those shares outside of smb-enum-shares from outside?
Makes it all look like cake
Thank you very much, how are you able to get that status bar at the bottom of the terminal? Also the regular terminal can't be split like you just do, is this a custom script you are using?
check out this video on how he splits it.
ua-cam.com/video/Lqehvpe_djs/v-deo.html
brooo.. how tf you do this.. respect
real good
Two questions:
1.) What are your plans now that YouTube has declared "hacking videos" against its TOS?
2.) Are you attending Defcon this year?
1. Carry on as normal as that entire backlash was just irresponsible journalism.
2. Nope, I don’t care for large crowds or Vegas.
@@ippsec Thank you so much for the response! I'm a huge fan of yours and thank you so much for everything you do! You've taught me more about this field than any other single source! Keep being awesome, you fucking wizard.
I added the reverse shell at the top of the os.py but it doesn’t work, can anyone explain why??
The reverse shell imports os and uses some functions inside os library. And when you placed the shell at the top of the os library, the shell tried to use some functions that were defined below it and this results in undefined functions "since they're not defined yet because they are under the shell code"
@@nullnull6032 thx!
Thanks for the walkthrough! Any idea how to find more info about that cron job that PSPY found? Is it something that only the root user can see?
Yes, that cronjob probably can only be seen by the root. However, when the process gets executed, you will be able to capture the command by watch "ps". However, that will need to be at the specific time.
@@wutangdaug I don't understand how the found cron time before the run py script. I'm so confused. the linenum output doesn't show anything about it..
just used os.py to run a system command and copy /root/root.txt to /tmp/ 😅 probably ruined the box for some other people...whoops
can you share your reverse shell for php ???
it is in the built in kali box, or you can find it from pentestmonkey
pentestmonkey.net/tools/web-shells/php-reverse-shell
Woah!
Great , please add it and update your youtube playlist and add this i also notice few more they are not in your hackthebox playlist , much love
Pen testing is much easier than talking to girls. Also 3.5 hours seems a bit off. It took about 10 minutes to do nmap -A -p- for me.
😂😂😂
it is all about penetration my friend :D
33:39 I like this
how you split terminal into two
Hi guys , I am new here, I kind of suck with priv esc, can you suggest more privilege escalation videos like the one used in this video
www.hackingarticles.in/escalate_linux-vulnhub-walkthrough-part-1/
Spent so long enumerating on this box going down rabbit holes. Completely missed the other domain in the SSL cert. 😒
terrible box.
❤️
Wow !!!
What did u study?
Wtf did just happened after he cat creds.txt he can't say hallelujah or it's deeper than that
Just twisted up my tongue and I moved on.
@@ippsec OK cool
Lolz
cool shit
CRAP. I felt i was close to get user on this one and bom, it's retired...
Thanks
Does anyone know someone who does tutorials like these but also explains why you do something and what it means for beginners?
Try watching the older videos like popcorn.
hey man i know its a noob question, but could u maybe do a short video on actually getting access on kali linux for hack the box when u are signed up ?
What exactly do you mean by "getting access on kali linux for htb"?
@@you-wuzi well i am new to all this in terms of actually doing it, and on htb under the access tab u need to get connected
@@ethan_6202 Okay, I'm guessing you mean connecting to a box and trying it out. With that, you'll need your personal VPN configuration file downloaded to your local computer and after that, you can connect to the HTB network on kali with ```openvpn ethan.ovpn``` (i'm assuming that's your username), and that should give you access to the network to start trying out the boxes.
@@you-wuzi well in the access tab there is the lab access details and next to connected there is a cross so i thought maybe i had to do something before doing boxes
@@ethan_6202 yeah you have to connect to the lab using the ovpn file
ippsec havent gone to church...
ahh hall halleujah !:)
He is an Alien for sure and that was the confirmation :)
U missed adding the Chaos box to the Medium playlist ,not that it's triggering my OCD or anything :3
Fixed.
hal lay loo ya ;-)
Very good job on box. Please add comments about /usr/bin/mtr-packet = cap_net_raw+ep attack vector. Thank you
Damnit I was working on this box and they have retired it.......had just got the shell on it.
Enumeration level 9001
Can you add 'set background=dark' into your vimrc please. Would make your vim much more readable!
i think there is another way to root !
yes i did exim exploit
6:21 Put junk in the password and frustration out...lol
5:10 xd
Can you suggest to me an Apache 2.4.10 exploit
And openssh .7... Protocol 2.0 exploit ?
This was a terrible machine....
My enumeration skillz needs more work
Man man man dear man. I'm Spanish and how the fuck u know all this stuff....