Every video of Ippsec is epic, thank you ippsec for all your writeups of HTB!
All of those are really exciting, and also I learn a lot with them.
Like
Even though I already did the box, it was like always amazing and informative!
Great video, love your content. Keep it up 🙏☺️
Really nice beyond root part. I like how you did all that total OSWE style. You could have concluded with that part and let the bot send you a root shell by using the command injection to do all the privesc part as well. Would have been fun having a one shot root reverse shell. Also look into goshs. It will give you a nice parsed view of the returned POST request with all the data when using -V in verbose mode.
Compromising an HttpOnly cookie definitely seems like something you would see on an OSWE lab or on the exam.
Ipp, we need to get OSPP right now. No excuses. No mercy
I just did this box today in the morning 😂
I didn't know Kim Jong Un watched IppSec
THE GOAT
Thanks awesome as usual
This might be a dumb question, but can someone explain why, in post exploitation, he got the shell with /dev/tcp/10.10.14.8/9001? Why wasn't the port specified like /dev/tcp/10.10.14.8:9001? I am sorry, I am still learning and I don't understand this.
So /dev/tcp/ is a weird directory created by bash (not all shells have this). The IP is treated as a folder and port as a file.
Hey @ippsec, a dumb question: how did you bring the IP address into the CLI as a default? Is it from your OS or HTB's virtual machine?
Excellent demo. What was the trick you used at 16:05 to include the URL-encoded spaces in your highlighted string? That seems very handy and is something I often find myself wasting time on, having to go back and change it.
He pressed Ctrl+U to URL-encode the highlighted string. Conversely, you can press Ctrl+Shift+U to URL-decode the highlighted string
Is this gonna be a bash thing or a tmux thing? I've literally never heard of that. Cool as heck can't wait until I'm back at a terminal to try it
@drwombat These shortcuts only work in Burp Suite, when you're editing an HTTP request.
@AUBCodeII Oh, maybe I need to watch it a little more closely? He quickly runs the shortcut to URL-encode, then switches to bash to use it? Pretty cool way to go about it.
25:21 But we are hackers, we don't do this proper 🤣🤣
Hello, I am completely new here. I don't know why, after I try to steal the cookie by pasting the cookie command and forwarding the POST request, I don't get anything on my local machine's server.
Hey, I would love it if you could make a video about the Editorial box. There are a couple of things that I don't fully understand, and your videos are amazing, so that would be awesome!
Can anyone tell me why we find the TTL value here? Using -vv
The v-flag is for verbose, so more details/information. Double verbose shows the time to live. Triple verbose, I think, shows the actual ports it tries, almost in real time.
The TTL value can be used to determine the OS. For Linux it's 64, for Windows it's 128. He was trying to determine the OS. I would assume that was his intent.
I find the TTL handy as it can reveal [Port/Network] Address Translation, since the TTL decrements every time it hits a router. So when you scan a single IP and get different TTLs, you know there are multiple hosts. It is one of those things that is rarely useful, but in the past I have wasted a lot of time ruling out an attack because I didn't realize there were multiple hosts.
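The two observations above (initial TTL hints at the OS; differing TTLs for one scanned IP hint at NAT or several hosts behind it) combined into a small parser, as an added example that is not from the video or the commenters. It reads constructed nmap -vv style "syn-ack ttl N" lines for a single target, rounds each observed TTL up to a common default (64/128/255), derives the hop count, and flags the target when more than one TTL is seen.

```python
import re
from collections import defaultdict

# Constructed sample in the style of nmap -vv/--reason output for ONE target (not a real scan).
SAMPLE_SCAN = """\
22/tcp   open  ssh            syn-ack ttl 63
80/tcp   open  http           syn-ack ttl 63
445/tcp  open  microsoft-ds   syn-ack ttl 127
3389/tcp open  ms-wbt-server  syn-ack ttl 127
"""

# Common default initial TTLs; the OS labels are the usual rule of thumb, not a certainty.
INITIAL_TTLS = (64, 128, 255)
OS_GUESS = {64: "Linux/Unix-like", 128: "Windows", 255: "network device/other"}

LINE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+open\s+\S+\s+\S+\s+ttl\s+(?P<ttl>\d+)"
)


def infer_initial_ttl(ttl):
    """Round an observed TTL up to the nearest common default; hops = default - observed."""
    for init in INITIAL_TTLS:
        if ttl <= init:
            return init
    return 255


def parse_scan(text):
    """Return (port, proto, observed_ttl, initial_ttl, hops) for every open-port line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers and other chatter are ignored
        ttl = int(m.group("ttl"))
        init = infer_initial_ttl(ttl)
        rows.append((int(m.group("port")), m.group("proto"), ttl, init, init - ttl))
    return rows


def analyse(text):
    """Group ports by observed TTL; several TTLs for one IP suggests NAT / multiple hosts."""
    by_ttl = defaultdict(list)
    for port, proto, ttl, _init, _hops in parse_scan(text):
        by_ttl[ttl].append(f"{port}/{proto}")
    findings = {
        ttl: {"os_guess": OS_GUESS[infer_initial_ttl(ttl)],
              "hops": infer_initial_ttl(ttl) - ttl,
              "ports": ports}
        for ttl, ports in by_ttl.items()
    }
    return {"findings": findings, "multiple_hosts_suspected": len(by_ttl) > 1}
```

Treat the output as a heuristic: middleboxes can rewrite TTLs, so a mismatch is a reason to look closer, not proof of a second host.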
Push!
17:54 Dvir is a hebrew name, pronounced as is (dvir/dveer/dvear whatever)
I don't know why no YouTuber I watch seems to use the mouse middle button to paste whatever was previously highlighted. Super fast, no Ctrl+C / Ctrl+V. If you get more used to this, it is like a second clipboard. Highlight text => Ctrl+C for a different clipboard. Then push the middle button somewhere else to paste from that other clipboard. It can take some time to get used to it. In tmux, to paste, hold Shift + middle button. Oh, and only Linux 😅
stop yapping
Oh my God. I owe you my energy, my guy!
It works on my Arch 😂
Thanks for the tip ;) i'll definitely give it a try next time
I use a mouse with 6 buttons; I use the 2 side buttons for Ctrl+C and Ctrl+V.
It makes life easy.
Simply because I dislike touching the mouse
Loled at NO AND THEN
Thank you sir, learnt lots of things from 🙏
I don't understand how this one is a beginner box. I feel like if you can solve this box, you can get any entry-level job in cyber. How am I supposed to know all this stuff, if it is for beginners?
Easy doesn't mean beginner. It means less steps and probably less complex payloads than higher levels.
I'm a pentester with an OSCP and I don't crack the EASY boxes quickly every time.
IppStrike