You actually can. Ippsec reached this level by pure determination, tons of trial and error, a lot of reading, putting it into practice and most of all be curious and have the passion
+1 to @boogieman97 keep in mind I’ve been doing videos weekly for 5+ years. Which isn’t a long time at all, but more frequent than the average person. If you create a plan and stick with it I’m sure you’ll be near this level
@@ippsec next to that correct me if I'm wrong, I've heard in one of your earlier videos that your carreer is far most autodidactic. Apart from that that might not be "long", it is about dedication and willingness to commit. Thats why I am highly appreciating Ippsec and of course subscribed, so if you agree folks do so as well 😃
Hi Ippsec I was wondering if you could help? I am attempting this machine and I get into the activemq user initially through a meterpreter reverse tcp, then I get an interactive shell (python3 -c 'import pty;pty.spawn("/bin/bash")'. But when I try to edit the nginx.conf file with vi, the vi editor doesn't work properly and I can enter/exit insert mode or move around the text in the file with the arrow keys
I didnt think to try entity encoding the xml and resorted to the curl command. Nice to know about that now. My question is did we have to have all three lines in the xml? Or could it have been done with one? Great video as usual!
So basically is it a vuln in the class - ClassPathXmlApplicationContext which is part of the Spring framework? And this being used by ActiveMQ made it vuln as this class loaded a crafted XML config file
I have reset this box and gone through the same steps (i think) and there is no /root directory in /crontabs, also any file that gets uploaded doesnt have execute permissions(i changed permissions before uploading just in case). I uploaded the ssh keys just to login as root and check. Did they change the box?
Im maybe late but i had the same problem. you have 404 because your poc-linux.xml file is on the CVE folder and your http server cant find it. just move poc-linux.xml to /home/[your account]/ i guess you started you http server on home directory like me :'(
Ippsec you said on a earlier podcast that you were going to start doing videos on the basic foundations of Hackthebox. Is that still in the works? Thanks.
I want to, just can't get the motivation. If you look at the technique videos, I think I've started covering things just not from a foundation perspective.
I did a completely different technique for privesc using share object .so (Files), since we can modify the prefix with nginx i just needed to craft a .so files in a module directory, rename it correctly (ngx_http_echo_module.so), run with sudo ===> got error but BAM suid /usr/bin/bash -p
Man you are awesome. I love the way you handle and understand things like it is nothing to you . I Wish i reach this level of professionalism.
You actually can. Ippsec reached this level by pure determination, tons of trial and error, a lot of reading, putting it into practice and most of all be curious and have the passion
+1 to @boogieman97 keep in mind I’ve been doing videos weekly for 5+ years. Which isn’t a long time at all, but more frequent than the average person. If you create a plan and stick with it I’m sure you’ll be near this level
@@ippsec next to that correct me if I'm wrong, I've heard in one of your earlier videos that your carreer is far most autodidactic. Apart from that that might not be "long", it is about dedication and willingness to commit. Thats why I am highly appreciating Ippsec and of course subscribed, so if you agree folks do so as well 😃
Cron Job Priv Esc learnt today, Great video.
You are crazy good man 👍👌
the privesc feels amazing
Hi Ippsec I was wondering if you could help? I am attempting this machine and I get into the activemq user initially through a meterpreter reverse tcp, then I get an interactive shell (python3 -c 'import pty;pty.spawn("/bin/bash")'.
But when I try to edit the nginx.conf file with vi, the vi editor doesn't work properly and I can enter/exit insert mode or move around the text in the file with the arrow keys
wow the dav method and cron are amazing
its not even weekend wow love it
Hey Ippsec thanks for the awesome video as usual. Are you planning to make videos on new HTB-Sherlocks when they’ll retire?
I have not decided yet.
@@ippsecI would appreciate a lot! Or if you know someone that you trust to make them also
First .. now let me watch 😁
I didnt think to try entity encoding the xml and resorted to the curl command. Nice to know about that now. My question is did we have to have all three lines in the xml? Or could it have been done with one? Great video as usual!
Nice way of opening a shell using cron job. :)
❤❤❤
So basically is it a vuln in the class - ClassPathXmlApplicationContext which is part of the Spring framework? And this being used by ActiveMQ made it vuln as this class loaded a crafted XML config file
Thanks for the tutorial!
Do you have a tutorial or can you recommend one on getting more comfortable with Vi/Vim?
I have reset this box and gone through the same steps (i think) and there is no /root directory in /crontabs, also any file that gets uploaded doesnt have execute permissions(i changed permissions before uploading just in case). I uploaded the ssh keys just to login as root and check. Did they change the box?
thumb up💯
❤
Awesome ippsec!!
In this box the port 2112 lists archive system of the machine with elevated privileges on the navegator
Thanks ippsec ❤
Push!
Thanks
I can't find the challenge on HTB? (yes I'm looking under retired)
You may have a filter on your search.
I got a 404 message not found error when I sent the file I tried send the packet without the poc xml and got a got a 200 get from server idk why
Im maybe late but i had the same problem. you have 404 because your poc-linux.xml file is on the CVE folder and your http server cant find it. just move poc-linux.xml to /home/[your account]/
i guess you started you http server on home directory like me :'(
Thanks Ippsec
Ippsec you said on a earlier podcast that you were going to start doing videos on the basic foundations of Hackthebox. Is that still in the works? Thanks.
I want to, just can't get the motivation. If you look at the technique videos, I think I've started covering things just not from a foundation perspective.
thanks@@ippsec
Nothing
I did a completely different technique for privesc using share object .so (Files), since we can modify the prefix with nginx i just needed to craft a .so files in a module directory, rename it correctly (ngx_http_echo_module.so), run with sudo ===> got error but BAM suid /usr/bin/bash -p