HackTheBox - Breadcrumbs

Поділитися
Вставка
  • Опубліковано 9 гру 2024

КОМЕНТАРІ • 40

  • @h4gg497
    @h4gg497 3 роки тому +1

    Awesome. This was the first hard box I have done in a while and I learnt quite a bit on it, was pretty happy that I got through it. The entropy analysis of the cookies you did was super interesting!

  • @fabiorj2008
    @fabiorj2008 3 роки тому +8

    its is one of the things that i most like to do in Saturday: to see ippsec 's video. I would really appreciate it if you would come back to broadcast lives. You is like Pele. Anyone who saw the videos about him playing soccer can think that is easy, but when you try to do same thing you realize: Its not easy; Its easy for him because his is Pele.

  • @JuanBotes
    @JuanBotes 3 роки тому +1

    It is a joy to watch your videos, thanks for making videos.!

  • @ChristopherPelnar
    @ChristopherPelnar 3 роки тому

    This was a goldmine of information. Thanks again IppSec!

  • @mhijazi736
    @mhijazi736 3 роки тому +3

    Nice video! 1:03:45 that phantom Microsoft file though 😂

  • @padaloni
    @padaloni 3 роки тому

    I really enjoyed this video. cheers ipp

  • @IBOY_
    @IBOY_ 3 роки тому

    Enjoy your videos 😍

  • @charlc
    @charlc 3 роки тому

    Thanks Ipp, amazing vid.

  • @marsanmarsipan
    @marsanmarsipan 3 роки тому

    I could read all the files, but got jammed on not figurering out the jwt token. Good work explaining how it works, Ipp.

  • @armandkruger911
    @armandkruger911 3 роки тому +8

    I can hear his dog playing in the background, so cute. Does he still sleep under your desk?

  • @dazoedave
    @dazoedave 3 роки тому +10

    dos2unix didn't wipe the file, you had changed to the source dir and using the history command running vim source/.... which was just opening source/source/....

    • @ShimrraJamaane
      @ShimrraJamaane 3 роки тому +1

      Yeah. He was trying to work too fast and making some silly mistakes. Like he thought the default ssh behavior of iterating over default keys was some windows specific thing. Also, he didn't need burp pretty much at all. Could have been done with dev console and curi which is much simpler.
      He lost some simple knowledge trying to think too hard, too early. But, he did keep on moving. Success is success.

  • @adogonz442
    @adogonz442 3 роки тому +1

    Really fun box

  • @saketsrv9068
    @saketsrv9068 3 роки тому

    Another day to watch the legend in action

  • @islem1263
    @islem1263 3 роки тому

    The response from the lfi is json you could also pipe it to jq and you'd get clean result

  • @gabrielsantos19
    @gabrielsantos19 3 роки тому

    IppSec, have you ever checked out asciinema?

  • @andyli
    @andyli 3 роки тому

    damn this box was hard

  • @younesmohssen8158
    @younesmohssen8158 3 роки тому

    How hard are today’s oscp boxes when compared to this box? I have my exam scheduled for next month and I haven’t rooted this box because I was stuck in some areas

    • @T1081198
      @T1081198 3 роки тому +1

      TLDR at end. September third attempt for me. I hope the PWK helps you. Just remember: screencap and cp all commands into your exam template - it really sucks the next day after a powernap to have to write a legit report for a pentest you're not getting paid for, is unrealistic in scope, and is designed to check your basic soft-skills as a pentester - stamina, attention to detail, quick decision making when things change, etc. So they throw a lot of rabbit holes at you. If you've got BoF down, I mean down as in you can copy and paste commands that you've been practicing with in mona, a vulnerable app, thats a huge chunk taken care of in less than 2 hours (*assuming you don't get a lot of bad chars), there's a list of HTB and VulnHub machines that are better to practice with. I took the exam after the change in 2020 twice, my assumption is that the marketing has changed more than the awesome material they give you. I still use my pdf as a reference guide. They will give you all the information you need, just make sure to read through it thoroughly. You're going to do fine if you haven't been pentesting for long. If your mind works better in CTF-style of testing, you're going to crush it. Just don't get caught in rabbit holes and do manual testing and fuzzing. They design it to not work well with the basic lists that are popular, but sometimes they do. I can't really say what I've run into and what I haven't.........TLDR: I can say this box is probably on the harder side of what you'll run into, do BoF first. I hope this helps!

    • @younesmohssen8158
      @younesmohssen8158 3 роки тому

      @@T1081198 heyyyyy thanks so much! Yeahhh the PWK labs have been super awesome so far. Super stoked about the exam but also very nervous lol. As for the BOF’s I’m finally able to say I can easily crush them and they’re now considered a breeze for me which is super nice! Thanks so much for the tips man :)

    • @younesmohssen8158
      @younesmohssen8158 3 роки тому

      @@T1081198 I hope you finally pass yours this time 💪 best of luck :)

  • @MASAbirokou
    @MASAbirokou 2 роки тому

    why we can decrypt AES with iv=00000.... ?

  • @SweatSculptSucceed
    @SweatSculptSucceed 3 роки тому

    Who made the box? 0xdf?

  • @rawkstar952
    @rawkstar952 3 роки тому

    ippsec I'm still waiting for your Obsidian video T_T

  • @bech2342
    @bech2342 3 роки тому

    never us regex for HTML. you can use beautifulsoup and parse it ;)

  • @mounir7320
    @mounir7320 3 роки тому

    Second

  • @user-fp6dt1os1l
    @user-fp6dt1os1l 3 роки тому

    first

  • @binbinbashexe274
    @binbinbashexe274 3 роки тому

    Last

  • @scall0p
    @scall0p 3 роки тому

    third

  • @JNET_Reloaded
    @JNET_Reloaded 3 роки тому

    u switch to quick cant screenshot a thing ur doing can u share ur code this is long!!! ???? also you kow how annoying them silly chars are after every line with a space is? very! unecceccessery asf!

  • @NetworkITguy
    @NetworkITguy 3 роки тому

    Download Ghidra version 10.1! It will help you lol

  • @saketsrv9068
    @saketsrv9068 3 роки тому +5

    Another day to watch the legend in action