To do file enumeration with the sql injection you could have used the option --common-file and pass it a wordlist then use --file-read= to read the file all with sqlmap. Great video :)
This is pure gold! Thank you!
Waiting for insane release, but kudos to your dedication!
Cool. This was very dynamic. Amazing. ❤️
Did the box get changed after this video?
The writer_web directory isn’t writable for me despite using smbclient and when I finally got in the box I saw that it wasn’t listening on port 8080 at all
Does anyone know why sqlmap won't work with a UNION based technique on the login page? It seems to only work with time based blind which is a pain.
I’m on my 5th day of watching this. This is a strenuous video 🤯 but I love it
Ippsec rocks!!! 🙂
Thanks for your great videos.
fantastic guide thank you!
Great work! I have one doubt: why are we supplying an absolute file path to the image_url param, like this: file://? I mean, this webserver might already be running in the web root; in that case a relative path to the file should work.
Thanks for such nice content.
Please try to make some videos other than ctfs so that we can learn some extra things from you
Thank you 💗
Instead of these regex, that might be buggy in some situations, and on top of that aren't super easy to construct... Why don't you use xpath expressions to select your data from the html?
Primarily because I'm more comfortable with regex and can do it quicker.
First like first comment love from India ippsec
Hey ippsec! I have a suggestion, if you didn't know about it: you can "copy as curl" the request in Burp or the network tab in Firefox, then convert the curl to a Python script with some online tool, and you have a Python script of the request you've made! :)
There is a copy-as-python-request extension in burp, works like magic.
When you wanted to crack the hash using john, actually you were right! You needed to add a $ in front of the hash as seen on your google research
Can we get a log4j video? Maybe you exploiting the vulnerability?
Got it
Why are your views going down....
This lab is very, very hard
Great, but one video a week is not enough
Bro RUclips is not his job
he's also mad consistent when you consider the number of videos he has to the number of retired htb boxes...plus this is the best free training by far.
Add on to that, he does not only run the box one time. He has to run it a few times, check how other people did it and include that information as well. And then there is the UHC series too.
Instead of running john directly you have to use this:
if john is installed in the opt directory then do this
/opt/run/john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
This will load the hash file. Idk why, but this works for me instead of running john directly.