Thank you for everything. I have been watching you since the Popcorn video, at that time I didn’t know nothing about what you are doing, it just the terminal and your voice that got me excited to watch. Now with a basic knowledge & a proper google account, I can spend hours after hours rewatching your videos. I have hug respect for you man!
@Jonsn0w Gaming about 4 years ago I didn’t have an account. I just watched YT without signing in. I was really kind of noob back then, just know basic stuff about computer, but I do love when someone working on a terminal, and ippsec is the one who I decided to watch.
@Jonsn0w Gaming At first I really interested in hacking, because of the movie “The Matrix”. But at that time I just thought hacking was like open a terminal and type. When I watch his Popcorn walkthrough, I did ask my uncle and he said it’s legit the linux command he was typing. So I keep watching his videos, until now I decided to jump into info sec. Tough start but really happy when I can finally understand and learn from him.
Thanks for the great explanation. Looks like those '403 forbiddens' in gobuster were because of some blacklist keywords like 'conf' and their appearances: 'wp-config', 'conf', 'confirmation' and etc ...
Thinking back to your video about OMIGod and auditd, seems like SELinux would be great in terms of limiting some of the actions that auditd only records. Thanks for the video
I'm really not a fan at the "targeted learning", or all the people that try to build the "perfect workflow". The amount of information you can get out of SNMP is endless, it's better to just understand the basics of how it works and go with the flow. In this case it was along the lines of "I really wish i knew some HTML Directories... lets grep our notes and hope for the best". A course would say the information could be in there, and you'd feel good completing a lab to say yes i got this information out of snmp before. However, a year or two down the line you forget all about it and its worthless. It's the difference between learning how to fish, and learning how to catch catfish. One is more versatile and will work in a large number of places... Whereas the other is fish and probably location dependent.
After 4and+ months away from my kali&computers in general, there is NO other BETTER WAY of getting back and watching 1 of your walkthroughs! Outstanding video as usual, excellent explanation of the SELinux stuff! Absolutely OWSOME!!! Better than an orgasm! 😂👌🏿👍🏿🤣👏🏿👏🏿
I think the issue with ssh keys not working was either an selinux flag missing from /home/michelle/.ssh or due to the permissions on /home/michelle/.ssh not being 0700 / too open. Testing with the mode shown (0775) denies access when logging into a test system.
Snmpwalk wasn’t showing me the seeddms when I was first working this box but the Perl script of snmpbw did. I still can’t figure out why. I wonder if anyone else had the same issue. Anyway, thanks for the video!
Hello ippsec, I’d like to buy a laptop mostly to do things like you do. I have a budget of around 2k, what would be a viable laptop and what specs should I mostly look for? And what kind of laptop do you use?
I'm enjoying your videos a lot! It has really helped me speed up my learning process and I'm loving it! How can I donate? I'd love to buy you a coffee 😁
Thank you for everything. I have been watching you since the Popcorn video, at that time I didn’t know nothing about what you are doing, it just the terminal and your voice that got me excited to watch. Now with a basic knowledge & a proper google account, I can spend hours after hours rewatching your videos. I have hug respect for you man!
@Jonsn0w Gaming about 4 years ago I didn’t have an account. I just watched YT without signing in. I was really kind of noob back then, just know basic stuff about computer, but I do love when someone working on a terminal, and ippsec is the one who I decided to watch.
@Jonsn0w Gaming English is not my native language, sorry if I make any misunderstanding
@Jonsn0w Gaming At first I really interested in hacking, because of the movie “The Matrix”. But at that time I just thought hacking was like open a terminal and type. When I watch his Popcorn walkthrough, I did ask my uncle and he said it’s legit the linux command he was typing. So I keep watching his videos, until now I decided to jump into info sec. Tough start but really happy when I can finally understand and learn from him.
Thanks for the comment! Glad you enjoy the videos
Thanks for the great explanation.
Looks like those '403 forbiddens' in gobuster were because of some blacklist keywords like 'conf' and their appearances: 'wp-config', 'conf', 'confirmation' and etc ...
Thinking back to your video about OMIGod and auditd, seems like SELinux would be great in terms of limiting some of the actions that auditd only records. Thanks for the video
Been going down too many rabbit holes recently on HTB machines. Creators are being more devious - or just more lucky!
Please make a detailed video on SNMP enumeration :) Great video as always!!
I'm really not a fan at the "targeted learning", or all the people that try to build the "perfect workflow". The amount of information you can get out of SNMP is endless, it's better to just understand the basics of how it works and go with the flow. In this case it was along the lines of "I really wish i knew some HTML Directories... lets grep our notes and hope for the best".
A course would say the information could be in there, and you'd feel good completing a lab to say yes i got this information out of snmp before. However, a year or two down the line you forget all about it and its worthless. It's the difference between learning how to fish, and learning how to catch catfish. One is more versatile and will work in a large number of places... Whereas the other is fish and probably location dependent.
@@ippsec Yes, understood what you want to convey. Thanks for pointing me in right direction.
After 4and+ months away from my kali&computers in general, there is NO other BETTER WAY of getting back and watching 1 of your walkthroughs! Outstanding video as usual, excellent explanation of the SELinux stuff! Absolutely OWSOME!!! Better than an orgasm! 😂👌🏿👍🏿🤣👏🏿👏🏿
Woot what a class about selinux!!! Thanks a lot!!!
Please never stop with the video making!
I think the issue with ssh keys not working was either an selinux flag missing from /home/michelle/.ssh or due to the permissions on /home/michelle/.ssh not being 0700 / too open.
Testing with the mode shown (0775) denies access when logging into a test system.
Snmpwalk wasn’t showing me the seeddms when I was first working this box but the Perl script of snmpbw did. I still can’t figure out why. I wonder if anyone else had the same issue.
Anyway, thanks for the video!
You may need the period at the end to crawl all
@@ippsec Oh yea, I just reviewed my notes and saw that I was in fact missing the period. Thanks! Not good enough recon after all
I had the same issue. I was missing the .1 ;(
omg it was the . :'''(
same
20:09 maybe you should have tried -z range,0-30 ?
Was sqlmap not attempted because any injection vulnerability would have already been documented in searchsploit?
ssh key did not work as ~michelle/.ssh was group writeable...
Thanks I always fuck up with the perms there
@IppSec why are we running snmpwalk 2nd time at 50:52
The reply to comment by Bernd Eckenfels.
Your VM has the hostname of omigod still.. Not a big deal, but maybe change so the viewers dont get confused?
Thanks!
@IppSec May I know what are u using i mean vmware or virtualbox or dualboot ?
Really good box!
TY!
Good job! Thx!
using htaccess for seeddms doesn't feel right. are they only support appache and ctf author manually installed on nginx or lazy devs left a hole?
Thanks❤️
Thanks for all the comments! A few more months and you'll have been watching for two years.
Why you created list with just 4 random strings as your bruteforcing list?
This case is lucky as here the username matches with the password.
It was demoing a relatively successful way to bruteforce. Make it easy on yourself so if you find other usernames, can quickly try it.
Ippsec sir! So cute.
Hello ippsec, I’d like to buy a laptop mostly to do things like you do. I have a budget of around 2k, what would be a viable laptop and what specs should I mostly look for? And what kind of laptop do you use?
I haven’t used a laptop in a year, and that laptop is 7+years. I’m not the one that can answer this, sorry
@@ippsec alright, thank you.
loved ur video before i even opened it..
I'm enjoying your videos a lot! It has really helped me speed up my learning process and I'm loving it!
How can I donate? I'd love to buy you a coffee 😁
Please do a RUclips live on hack the box machine♥️
Instead of snmpwalk to retrigger within 5mins, use snmpget with the oid instead
I show that at the end of the video
came here from lucid
First comment
probably for the first time ippsec disclosed a flag , lmao
already rooted
Great video...❤️ Thank you...😌