Tonight I had a dream about Ippsec. He uploaded a video just talking about his favourite snacks. It became the most watched video on youtube. Please keep it up. You are awesome!
I have no idea how this dude manages to remember every tool and its flags. Best part is that it's not always the same tools on every machine but he just knows them lmao. Can't imagine the study behind it and the time spent, that's dedication at its best.
Don't forget these boxes are already owned by him, so he knows how to lay it out for the video. Most of the time it's just trial and error with the tools you already know. I myself keep a note file with steps I can take for each different phase, i.e. nmap/dirbusting/fuzzing etc., checking headers for info, setting domain names in the /etc/hosts file. No results? Poke the website, find extensions, try different nmap scans like UDP or all ports, you name it...
@v380riMz yeah same here hahah :)
@PhotoSlash it's still pretty hard nonetheless. Even easy boxes 🤣
Thanks for showing the importance of closing fd at last !!
Just a note. I actually did this box without downloading the source code, since I didn't see the button (lol). If you look at the images on the website, you can actually see they are pulled directly from a github repo, and if you go there you have the code and the secret in the commits directly.
ssh-keygen already creates keys with the correct permissions. I think it's just you doing chmod 600 out of habit every time. Great video as usual, learned the file descriptor thing, awesome. :)
Hey ipp. If you ever come to Brazil, I'll buy you a glass of ippbeer.
I’m going to invite him in Saudi first
Brazil first! I buy you some Januticaba
If you're a basketball player you watch NBA games to get inspired and replay them all the time to understand. If you're a CTF player, you do the same with this.
This was very well explained and carried out.
This man is amazing. Respect
It's an interesting lesson that dropping permissions, which is usually best practice, caused this dump vulnerability in this case.
You are the man, keep up the great work....
Thanks for the great content Ipspec!
(@21:30 Looks up what Ctrl-B = does in tmux...or is it just a typo...)
ctrl + B isn't a thing, ctrl + b is the default prefix key, but he hit it in Burp, so all of that is irrelevant.
It was fun watching this walkthrough, haha but I guess it was really a long day for you at the time you recorded this video. But great walkthrough as always xD learned something new about fd
Haha it was early in the morning - That was just a joke earlier, I didn't do any prep for this box. I knew the path from testing it months ago. The box changed from when I tested it and that threw me a curve ball. Originally there was a file in /root that was owned by dasith, which you read via the file descriptor. I hadn't seen the core dump thing until recording the video.
Ahhh, really, was it morning back then? I thought it was really a long day for you because of the way you fumbled at 46:35, haha, that was funny when you were not able to talk. But I guess I get you, sometimes while making these videos we start fumbling. But thank you for creating this great walkthrough.
@Pentestingwithspirit Haha yeah, normally I would edit something like that out when I get tripped up. However, I was trying to do it with minimal/no editing since it was an easy rated box.
Is your name Shubham?
🔥🔥🔥✊go go
Anyone have an idea why kill -3 is not generating a core dump while kill -11 did, although according to the documentation -3 is specifically for generating a core dump?
24:00 Anyone know where I can read about stealth entries? And potentially how to counter them.
I'm not a pro hacker, but you should be aware of what processes are running, and if you see something unfamiliar you should check what it does.
How do I upload web challenges to HTB, sir? I need to know this because I develop CTFs and I want to contribute to HTB or become a kind of part of it.
Great walkthrough but I couldn't get the root SSH private keys. When I do grep BEGIN "filename" it doesn't come up with anything. Anyone got any ideas?
This was a great box!
Awesome! Great video
amazing privesc on this one
Hey, again, could you please write in the video title what level the box is that you're doing? I'm a beginner and I'd very much like to learn new things, but right now I think I could only deal with easy boxes myself, so from hard boxes I'm not sure I could learn much as it's just too complicated, probably.
Go to his channel, then playlists
Thanks bro!
Thank you bro
PwnKit was not patched on this box, got root this way a few days before the box became retired.
Can someone enlighten me, why the root key was in the crash report 🥴
The program allowed users to read files as root. We crashed the program after reading the key, so it was still in memory.
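The two comments above describe the mechanism: a privileged helper reads a secret into memory, is then crashed, and the secret survives in the core dump (or in an apport-style crash report). What a defender would want next is the countermeasure. The following is an added example, not the box's binary and not code from the video: a small Linux/glibc program (the file path and key contents are constructed sample data, not a real key) that reads a secret file and applies the three controls that keep it out of a dump: mark the process non-dumpable, set the core size limit to zero, and wipe the buffer with explicit_bzero as soon as the secret has been used. It also closes the file descriptor promptly, the point another commenter raised, since an open fd on the secret is otherwise reachable through /proc/PID/fd.

```c
/* Added example (not from the video or the box): keep a secret read by a
   privileged helper out of any core dump or crash report. Linux/glibc only. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Control 1 and 2: no core files, and mark the process non-dumpable.
   PR_SET_DUMPABLE=0 also blocks ptrace attach and /proc/PID/mem reads by the
   unprivileged user after privileges are dropped. Returns 0 on success. */
int disable_core_dumps(void) {
    struct rlimit no_core = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &no_core) != 0) return -1;
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
    return 0;
}

/* Check that both controls are in effect: 1 if yes, 0 otherwise. */
int core_dumps_disabled(void) {
    struct rlimit cur;
    if (getrlimit(RLIMIT_CORE, &cur) != 0) return 0;
    return cur.rlim_cur == 0 && prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0;
}

/* Read the secret into a caller-supplied buffer and close the fd at once,
   so the descriptor never lingers in /proc/PID/fd. Returns bytes read or -1. */
ssize_t read_secret(const char *path, unsigned char *buf, size_t cap) {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, cap);
    close(fd);
    return n;
}

/* Control 3: wipe the buffer once the secret is no longer needed.
   explicit_bzero is not optimised away the way a dead memset can be.
   Returns 1 if every byte is zero afterwards. */
int scrub_and_check(unsigned char *buf, size_t n) {
    explicit_bzero(buf, n);
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0) return 0;
    return 1;
}

/* Driver on a constructed sample file. Returns 1 if every control held. */
int demo(void) {
    char path[] = "/tmp/secret-demo-XXXXXX";   /* constructed path */
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    /* constructed placeholder, not a real key */
    const char sample[] =
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "EXAMPLEONLY\n"
        "-----END OPENSSH PRIVATE KEY-----\n";
    if (write(fd, sample, sizeof sample - 1) != (ssize_t)(sizeof sample - 1)) {
        close(fd); unlink(path); return 0;
    }
    close(fd);

    unsigned char buf[4096];
    int ok = disable_core_dumps() == 0 && core_dumps_disabled();
    ssize_t n = read_secret(path, buf, sizeof buf);
    ok = ok && n == (ssize_t)(sizeof sample - 1)
            && memmem(buf, (size_t)n, "BEGIN", 5) != NULL;   /* secret was in memory */
    ok = ok && scrub_and_check(buf, (size_t)n);               /* and is now gone */
    unlink(path);
    return ok;
}

int main(void) {
    puts(demo() ? "all protections held" : "a protection failed");
    return 0;
}
```

The rlimit alone is not enough on a host whose kernel.core_pattern is a pipe to a helper such as apport: the kernel still hands the process image to the helper regardless of RLIMIT_CORE, and the helper writes its own crash report. The non-dumpable flag is the control that makes the kernel skip the dump entirely, which is why the example sets both, and why the dump is the symptom rather than the cause here: the real fix is that the secret should never sit in a process an unprivileged user can crash.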
You got access in under 10 minutes but it took me an hour... I need to get better.
Ippppppppppsseeeeeeeeeeeeeeeecccccccccc!!!!!!!
You Sound like John Hammond 🥰🥰
You need to update nmap to 7.92
This box should be rated medium.
I'm really struggling with the exploitation part.
first
Easy user, medium priv esc at least.
I was lazy enough to just get the root flag from the core dump 😁
I never remember your face!
I did this box a few days ago, I guess I got lucky because I don't have VIP so I couldn't do it right now.
ipspec
.