I really enjoyed this style of video. I am tired of seeing all the videos of people doing labs they have already completed. They know exactly where to go and what to do. It makes it seem way too easy and when I as a beginner cannot figure something out, I feel down because I'm so used to seeing people complete some machines so quickly.
@IppSec, at 53:00 you're saying you "started to regret stepping through this exploit without doing any prep". Well, I believe there's no reason to feel that way)) On the contrary, it helps watching the way you go over hurdles and find solutions through trial and error. I mean it - it really helps newbies like me to learn new things! This is why I watch your videos instead of reading quick 5-minute write-ups.
I've opened this box one week ago, but i've learned a lot watching your videos. so thanks. For a noob like me you are too fast and you take for granted a lot of things, so i have to stop, go to google and learn.... But i like the method try, error and repeat....
Doing easy boxes this way is a fantastic idea, so thanks a ton ! Also, I was kinda wondering if you could do a sort of a opsec/best practice video, could also help educate people how to not hose the public servers on HTB :)
Hey ippsec, I have a question for you. I have been watching your videos for some time and have recently got into hack the box to try for myself. I am a beginner through and through and was wondering if you could suggest a route to getting to understand exploitation at the level you do. I know it takes lots and lots of experience but I was just wondering if you had any advice for a starter, to guide down the right path. I am comfortable and still understanding enumeration and research, my serious issue is with determining exploits and vulnerabilities. Thanks
Hello Ipp I think you are brilliant, but I usually get lost when you intercept the exploit with burp and, exploit it manually, and this is a crucial thing that I should learn before purchasing the PWK, any tips regarding this?
43:30 Totally agree with you, recently i suggested a friend to try "wifite" for wifi audits, he said it was for noobs and that he knew how to do the same thing manually through aircrack, i disagreed with him and told him that it was a more efficient , fast and possibly more reliable way to test for vulnerabilities and that even if it hurt his ego of being a "leet hackerman" to run an automated tool at least it could save time and money ... Such tools exist to make us more efficient and since its open source you can always poke around the code and figure out exactly what makes it tick.
Bruh just tell him that your favorite black hat hackers do use metasploit. Lmao .. using metasploit doesn't make you a script kiddie but running it blindly without knowing what in the world you are actually doing does makes you.
i love your content, im just not understanding why you are doing what you are doing, meaning how do you know what you have to do? im kinda confused (noob).
i am facing a very basic issue. When i run the ISO Machine on vm my Kali machine isnt getting that Postman on nmap while vmware is on bridge. Please help. can u make a tutorial on basic of how tk setup vmware and kali with HTB machines Please. I'll be thankful
Awesome as usual! but so fast for me, I'm too noob. By the way, you can go even faster in Metasploit by typing 'use + number of exploit' instead of writing or copying the entire name.
So about those redis errors, they happened because someone messed up the config. I tried to do this box months ago and everything worked fine, and when I did it again yesterday I also got the error messages
Is there someone else who got issues with wget linPEAS ? When i tried wget it look like some kind of filter always stop my download at 33%. When i try nc it crash the connection. I try to wget LinEnum.sh and it go without any problems. Is somthing wrong with linPEAS or im making something wrong?
@@portfoliome12 I solved it yes, I'm not gonna just post the hash here though lol, follow the video & you'll get it :) or even better, try to solve it without the video, then only watch a little once you're stuck.
i used all type command to show redis port else what you do "-p-" can any one explain to me why not it show me this port I think this is the technique they want you to do??
how are you sir ? sir I have been trying for 1 month ,that we can use kali linux . how can we massage on mobile number .And that too absolutely free . please help me
Guys, why in challenge menu on hackthebox.eu ive always hostname unless internal ip such like this video that ipsec use to scan 10.10.10? Ive try to nslookup the hostname gived and dont return a local ip. Ive only seen a local ip on machines menu
To access challenges, hackthebox gives you a public domain/ip to connect to because it usually only has one service, But to access machines, hackthebox gives you an an internal ip because the machines are more complicated and have more open ports.
Tried this box last Sunday and it was always asking me for a password when I ssh with redis user...and I did the exact same thing like you 😣😔... didn't got time during the week and now it's retired
@@thomasmarques2816 i had the same problem over and over.... I think the problem was too many people trying to access the machine and - maybe - launching the "flushall" command....
I actually did the same exact thing and it kept asking me for password.. I didn't even get any error for the first time...after hours of tries i gave up man redis stuff is pain in the ass.
Hey bro thanks for your helping i have trying to do machines ’linux’ i get bash but i can’t get root access win I type sudo asked for password 🤔helps thanks in advance
Dank derer, die cyberdave1 empfehlen, kann ich auf Instagram jetzt WhatsApp-Nachrichten und Anrufe meines Mannes lesen und hören, ohne dass er es bemerkt. Er ist ein Genie
Box retires few hours before the new box launches. That way people can make a day of HTB and work on what was retired, then do the new box when it launches.
@IppSec, at 53:00 you're saying you "started to regret stepping through this exploit without doing any prep". Well, I believe there's no reason to feel that way)) On the contrary, it helps watching the way you go over hurdles and find solutions through trial and error. I mean it - it really helps newbies like me to learn new things! This is why I watch your videos instead of reading quick 5-minute write-ups.
![FNAF vs TF2 - Episode 2 [SFM]](http://i.ytimg.com/vi/z5b3V2-VLb0/mqdefault.jpg)
keep this change, very helpful for me to see how a pro thinks
that SSH drop you did actually helped me solving a challenge that i had thank you so much!!!
I really enjoyed this style of video. I am tired of seeing all the videos of people doing labs they have already completed. They know exactly where to go and what to do. It makes it seem way too easy and when I as a beginner cannot figure something out, I feel down because I'm so used to seeing people complete some machines so quickly.
@IppSec, at 53:00 you're saying you "started to regret stepping through this exploit without doing any prep". Well, I believe there's no reason to feel that way)) On the contrary, it helps watching the way you go over hurdles and find solutions through trial and error. I mean it - it really helps newbies like me to learn new things! This is why I watch your videos instead of reading quick 5-minute write-ups.
speaking while walkthrough is great. please make more for beginners as well on what shoukd be thinking strategy while solving a machine.
big fan of the live attempts, definitely vouch for more 👍
I've opened this box one week ago, but i've learned a lot watching your videos. so thanks. For a noob like me you are too fast and you take for granted a lot of things, so i have to stop, go to google and learn.... But i like the method try, error and repeat....
Thanks for explaining why that Webmin exploit worked man,I learnt a lot from that bit alone actually.
Doing easy boxes this way is a fantastic idea, so thanks a ton ! Also, I was kinda wondering if you could do a sort of a opsec/best practice video, could also help educate people how to not hose the public servers on HTB :)
I really can't thank you enough for the efforts you put on these videos, the manual exploitation was awesome, good job man
I was going o watch a movie with popcorn, but this is way better. 🍿
Hey ippsec, I have a question for you. I have been watching your videos for some time and have recently got into hack the box to try for myself. I am a beginner through and through and was wondering if you could suggest a route to getting to understand exploitation at the level you do. I know it takes lots and lots of experience but I was just wondering if you had any advice for a starter, to guide down the right path. I am comfortable and still understanding enumeration and research, my serious issue is with determining exploits and vulnerabilities. Thanks
It's very cool to see this new format. I also ran in some of the stuff you did, so much to learn just by watching someone else doing the same box.
Perfect timing, I just did this box before it retired and had to use Metasploit. Looking forward to the manual exploit
Learned a lot. I spent a long time trying to get that webadmin update code execution
Man I love your content! Could you screencast you keystrokes so I can learn the shortcuts you're using?
35:40. Stats? 47:56. Commas for spaces? You see it’s stuff like this that makes @ippsec so freggin awesome! Every. Time. I. Learn. Something. New.
Webmin is actually pretty cool. Thanks!
Hello Ipp
I think you are brilliant, but I usually get lost when you intercept the exploit with burp and, exploit it manually, and this is a crucial thing that I should learn before purchasing the PWK, any tips regarding this?
Lol this shit was the worst. Box resets all the time but ended up getting through. Good video.
PERFECT TIMING!
43:30 Totally agree with you, recently i suggested a friend to try "wifite" for wifi audits, he said it was for noobs and that he knew how to do the same thing manually through aircrack, i disagreed with him and told him that it was a more efficient , fast and possibly more reliable way to test for vulnerabilities and that even if it hurt his ego of being a "leet hackerman" to run an automated tool at least it could save time and money ... Such tools exist to make us more efficient and since its open source you can always poke around the code and figure out exactly what makes it tick.
Bruh just tell him that your favorite black hat hackers do use metasploit. Lmao .. using metasploit doesn't make you a script kiddie but running it blindly without knowing what in the world you are actually doing does makes you.
Totally! Agreed But either way we need get thing done! It's up us to come up with idea. Time is of essence for OSCP You could focous on other thing!
I'm so comfortable watching this on my VR headset haha love it
i love your content, im just not understanding why you are doing what you are doing, meaning how do you know what you have to do? im kinda confused (noob).
Which os terminal are you using is it Linux....
Yeah this answers a lot of questions in little time, the psdrive cmdlet is very useful for using local tools, sub.
This is what i was waiting for !
22:48 loved linPEAS expl! tyvm!
Guessing expl == explanation
Wow, Ray Romano funny and a great hacker.
i am facing a very basic issue. When i run the ISO Machine on vm my Kali machine isnt getting that Postman on nmap while vmware is on bridge. Please help.
can u make a tutorial on basic of how tk setup vmware and kali with HTB machines Please. I'll be thankful
What keyboard are you using?
So....what’s the function of the encrypted id_rsa??????
Was that redis server completely unsecured?
why metasploit alaways use cmd/unix/reverse_? payload as default payload? help!!
Thanks for the great explain
Hmmmm, I never logged in with webmin, as far as I remember at least, I used metasploit since that seemed easier
Hey, Very useful, one question, I am in trying to ssh redis but it keeps asking for password what should I do?
it means your public key isnt actually in redis .ssh/authorized_keys file
I recommend just adding the target website into the scope of your Burpsuite attack instead of having to turn on and off Foxyproxy
can we do like this in exam (OSCP)?
meaning first exploit using metasploit then try to do manually ?
nope. You can only use metasploit only once throughout the whole exam. So play it wisely mate.
Awesome as usual! but so fast for me, I'm too noob.
By the way, you can go even faster in Metasploit by typing 'use + number of exploit' instead of writing or copying the entire name.
Can I use Kali terminal behalf of Linux Terminal.... For hack the box.... It will work...
Very good explain.
So about those redis errors, they happened because someone messed up the config. I tried to do this box months ago and everything worked fine, and when I did it again yesterday I also got the error messages
I Sleep Not really, it gave him the error because he had the directory set in the wrong place.
@@expandingsalad786 that was an expected error, but sometimes it would give errors even when in the right directory
How come you dont use workspaces, wouldn't that be much more effecient than alt-tabing applications
Probably, but talking takes out a lot of my short term memorization and multi-tasking ability which makes workspaces challenging.
Is there someone else who got issues with wget linPEAS ? When i tried wget it look like some kind of filter always stop my download at 33%. When i try nc it crash the connection. I try to wget LinEnum.sh and it go without any problems. Is somthing wrong with linPEAS or im making something wrong?
Wow. Tell me where you work, I really want to work with you in my life
Hmmm I'm still getting that MISCONF error, don't know what's causing it
Reset the box and got rid of the error message
this is the first box I was able to do on htb! and now ippsec is covering it :D
i'm a n00b though so it took me like 15 hours :v
u have a hash?
@@portfoliome12 I solved it yes, I'm not gonna just post the hash here though lol, follow the video & you'll get it :)
or even better, try to solve it without the video, then only watch a little once you're stuck.
Are you John Hammond?
i used all type command to show redis port
else what you do "-p-"
can any one explain to me why not it show me this port
I think this is the technique they want you to do??
how are you sir ? sir I have been trying for 1 month ,that we can use kali linux . how can we massage on mobile number .And that too absolutely free . please help me
Guys, why in challenge menu on hackthebox.eu ive always hostname unless internal ip such like this video that ipsec use to scan 10.10.10?
Ive try to nslookup the hostname gived and dont return a local ip. Ive only seen a local ip on machines menu
If I understand you, you might not have the Connnection pack
@@b3twiise853 I can only see internal ip in machine menu. Why they arent displayed on challenge menu?
To access challenges, hackthebox gives you a public domain/ip to connect to because it usually only has one service, But to access machines, hackthebox gives you an an internal ip because the machines are more complicated and have more open ports.
@@expandingsalad786 thanks for help me guys. I really apreciate it :)
i just solved this box then i seen this video :d
this one is easy? 😭
Tried this box last Sunday and it was always asking me for a password when I ssh with redis user...and I did the exact same thing like you 😣😔... didn't got time during the week and now it's retired
@plushoom no I didn't...I was thinking on working on it later but I got busy
@@thomasmarques2816 i had the same problem over and over.... I think the problem was too many people trying to access the machine and - maybe - launching the "flushall" command....
@@marcolaos5568 yh maybe 😔
Finallllllllyyyyyyyyyyyy
Nice vid, download to dicks, gave me a chuckle ^^
♥️
I actually did the same exact thing and it kept asking me for password.. I didn't even get any error for the first time...after hours of tries i gave up man redis stuff is pain in the ass.
I think if you do it manually, other people might change stuff and you will miss the mark.
In such cases, I try to automate the steps
Hey bro thanks for your helping i have trying to do machines ’linux’ i get bash but i can’t get root access win I type
sudo asked for password 🤔helps thanks in advance
Leaked?
It's Saturday, box is getting retired
@@emilsrbrden2987 ok love u
Dank derer, die cyberdave1 empfehlen, kann ich auf Instagram jetzt WhatsApp-Nachrichten und Anrufe meines Mannes lesen und hören, ohne dass er es bemerkt. Er ist ein Genie
I thought YT forbidden hacking ?!
Still 5 hours left isnt it? :D
Box retires few hours before the new box launches. That way people can make a day of HTB and work on what was retired, then do the new box when it launches.
@@ippsec Ok Thanks :D
lmao everyone does these boxes and they have like no idea what a variable is
so this is one of the easy ones? alright then
Root is end of line
@IppSec, at 53:00 you're saying you "started to regret stepping through this exploit without doing any prep". Well, I believe there's no reason to feel that way)) On the contrary, it helps watching the way you go over hurdles and find solutions through trial and error. I mean it - it really helps newbies like me to learn new things! This is why I watch your videos instead of reading quick 5-minute write-ups.