HackTheBox - Cache

  • Published: 18 Jan 2025

Comments • 48

  • @luishco 4 years ago

    Bro you have no idea about how much you inspire and teach me with these videos. Keep it up with the great work !

  • @4ag2 4 years ago +2

    that's insane all I can say that this is really helpful approach ! big up for everything you are sharing it's awesome.

  • @maz3146 4 years ago +2

    The memcache let me crazy 🙏🏻 thanks for ur work.

  • @shishirsubedi5412 4 years ago +1

    Great video as always. -it flag on docker gives an interactive shell to work with. Without that the docker container will start and will shut down.

  • @y.vinitsky6452 4 years ago +5

    Laudanum was an opium-based painkiller used from the 17th century until the 20th when opioids were synthesized

  • @vert3xo652 4 years ago +8

    I guessed the domain name. I didn't even think about bruteforcing. My thought process was "If this project is called Cache and its domain name is cache.htb then the domain of his other project, HMS, might just be hms.htb".

  • @bamhm182 4 years ago +3

    I figured I would explain the docker thing a bit. When you use 'run', it creates a new "container", which you can think of as a VM. When you put '--rm', it deletes it when it is done executing whatever it should execute (in this case, the 'chroot'). '-it' is commonly used when you want to interactively drop into a container vs just letting it run in the background and is independent of the image actually being used. 'chroot...' basically lets you use a specific folder as if it were '/'. I usually just use /bin/bash and navigate to the /mnt directory in this scenario, but chroot is good, if it is installed on the docker image being used. I'll have to keep that in mind!

    • @csmole1231 4 years ago

      wait i thought in this case i need to manually exit the container then the container get removed! since a sh is also called, not just chroot? i feel like sh is not as run-one-time-and-done as chroot, also in the video ippsec input like a bajillion commands there and that container was not done and deleted?
      (pls forgive if im not making sense here😂i literally read the docker docs for almost five hours and still not quite get how that app work😂)

    • @bamhm182 4 years ago

      @@csmole1231 I encourage you to install docker and open two terminals and play around with it. In one, do the docker run, in the other, do commands like "docker container list --all"
      Docker containers live as long as their primary process is running. In both of these cases, the container should stop as soon as the terminal is exited. You should not see the container at all in "docker container list --all" if you specify --rm, but it will still be there, just stopped if you leave out the --rm.
      When you open it with sh, the process id of sh is 1. If you run ls, the process id is whatever, and the parent process id is 1, but sh is still running. It will run until you kill it.

  • @sfxElrick 4 years ago +1

    @ippsec the trick with docker group users is they can spawn containers with relatively high privileges on host resources as default, and base OS images are by default with container's root user (there is a security good practice telling: always create an unprivileged user in your docker custom images, to prevent that, but if you can pull a base os image it's game over...), so the trick is to map a volume (-v source:dest) on the filesystem root into the container and access it as root (uid 0 guid 0) you then have (at least) full read access.
    There is also a "privileged mode" to gain access to more privileges from the container onto the host (--privileged)
    that's my understanding
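
A defender-side check for the exposure described in the comment above, as an added example that is not part of the thread or the video: it reads `docker inspect` JSON and `/etc/group` content and reports privileged containers, sensitive host paths bind-mounted into containers, and the members of the `docker` group. The sample data, the `SENSITIVE` path list and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect <container>...` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"User": "app"},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/srv/www",
                 "Destination": "/usr/share/nginx/html", "RW": False}]},
    {"Name": "/tmpshell", "Config": {"User": ""},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt", "RW": True}]},
    {"Name": "/debug", "Config": {"User": "0"},
     "HostConfig": {"Privileged": True}, "Mounts": []},
])
SAMPLE_GROUP = "root:x:0:\ndocker:x:998:alice,bob\n"  # constructed /etc/group content

# Assumption: host paths that should never be bind-mounted; tune per host.
SENSITIVE = ("/", "/etc", "/root", "/var/run/docker.sock")

def audit(inspect_json):
    """Return (container, finding) pairs for risky container settings."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        user = (c.get("Config") or {}).get("User") or ""
        # An empty User means no user was set, so the process runs as root.
        as_root = user.split(":")[0] in ("", "0", "root")
        if (c.get("HostConfig") or {}).get("Privileged"):
            findings.append((name, "privileged"))
        for m in c.get("Mounts") or []:
            src = (m.get("Source") or "").rstrip("/") or "/"
            if m.get("Type") == "bind" and src in SENSITIVE:
                mode = "rw" if m.get("RW") else "ro"
                who = "root" if as_root else user
                findings.append((name, f"host {src} mounted {mode} as {who}"))
    return findings

def docker_group_members(group_text):
    """Supplementary members of the docker group (name:passwd:gid:members)."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == "docker":
            return [u for u in fields[3].split(",") if u]
    return []

if __name__ == "__main__":
    print(docker_group_members(SAMPLE_GROUP))
    for name, finding in audit(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

On a real host the inputs would come from `docker inspect $(docker ps -aq)` and `/etc/group`; users whose primary group is `docker` appear in `/etc/passwd` instead and are not covered here.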

  • @kret63 4 years ago

    Thanks ippsec, that cleared out some things for me.

  • @achiha100 4 years ago

    @IppSec thankyou for your hard work

  • @HMUP7 4 years ago

    i honestly was waiting for one new video

  • @mehmetux4186 4 years ago +1

    Yeah it's good to research when attaching continue but i liked to watching terminal. You are like a program that have a lot of threads. never breathing only searching more bug same time :)

  • @bamhm182 4 years ago +2

    Good video as always! You mentioned you should not use a VM for cracking. I have been planning on upgrading my server for a while and have been planning on throwing a GPU in it so I could do a hardware Passthrough occasionally and use it as a password cracking station when I need it. It sounds like you dislike this idea and I was hoping you could elaborate.
    Keep up the great work!

    • @redpanda31337 4 years ago

      The Problem is that VMs usually don't support Graphics Card passthrough, meaning you can't run workloads from your vm on your gpu, that makes your vm really slow since the work is done on the CPU. I think also consumer GPUs from nVidia don't support passthrough (maybe the rtx 30 series i read somewhere?) I usually just run hashcat on my host and it will run faster and in the background. Upgrading your server should work as well, if you don't run VMs on it?

    • @bamhm182 4 years ago

      @@redpanda31337 I was using Unraid with a GTX 970 and SSD passthrough for years as a daily driver. Worked very well for me. I couldn't even tell I was in a VM aside from knowing I had 1/2 the resources available to me.

  • @dayisnow 4 years ago +8

    The "about" section for the author stated that he made Hospital Management System... So hms.htb could be assumed I suppose. Not a fan, but it wasn't that bad!

    • @DHIRAL2908 4 years ago

      The about section for the author did state that he made Hospital Management System... So HMS.htb would make sense! Not a fan as well but wasn't that bad!

  • @Ms.Robot. 4 years ago

    This was great! #1💝💋

  • @CaptainMarmoo 4 years ago

    just out of interest, in burp you can set the target ip address and scope within that ip address, is there a reason you don't set the scope to the ip of the target and instead turn off the proxy from firefox to burp when not browsing the target?

  • @cdbcbd4930 4 years ago

    20:26 msv6?

  • @RaceForMoney 4 years ago

    Thank you!

  • @sangamo38 4 years ago +1

    you can do group_concat to get all the rows in a single string.

    • @ippsec 4 years ago +4

      There is a 32 character limit in XPATH Error messages. I'd hit that pretty quickly with group_concat :-)

  • @mayankdeshmukh8752 4 years ago

    While transferring file over nc, you can use -w 5, it should timeout the session after 5 sec

  • @abdullahiahmed6341 4 years ago +2

    the concept of vhost and host header will help doctor machine in htb

  • @basaalex3209 4 years ago

    what's the keyboard shortcut to perform the request in repeater? not the one to send it to repeater, but when you are in repeater to perform it. thank you!

    • @bamhm182 4 years ago +3

      It's like Ctrl+spacebar by default, I think. You can go into the preferences and see all the shortcuts and set them to whatever you want.

  • @Deep_880er 4 years ago

    Hey ippsec.. high five 🔥✋

  • @jaybachre6976 4 years ago

    How to write that python script instead of using intruder is there something which I can refer to?

    • @ippsec 4 years ago +1

      Go to: ippsec.rocks, search for python sql

    • @jaybachre6976 4 years ago

      Thanks, your videos really help learning new stuff every week.

  • @jaybachre6976 4 years ago

    How can I enter this field of cyber security like which certifications should I do or path should I follow or at the very least where should I start from?

    • @bamhm182 4 years ago +1

      TryHackMe is a popular one these days. They provide more structured learning material vs HackTheBox. I also will always recommend the PortSwigger Network Academy for learning web vulns.

  • @devbidesmega1662 4 years ago

    Ippsec why don't you use rustscan instead of Nmap

    • @ippsec 4 years ago +3

      It's not always about speed, if you go too fast you may miss ports or worse, cause a DOS. If I want NMAP to go faster, I'll edit arguments but RustScan is faster because NMAP's defaults are "operational awareness" not "inferior code".

    • @devbidesmega1662 4 years ago

      @JohnHammond010 Please take notes😂

  • @cdbcbd4930 4 years ago

    1:01;43 && cool story bro

  • @wangjack5909 4 years ago

    How to set the parrot ip to 10.10.14.2 and make the HTB box machine can access it

    • @geeshta 4 years ago +1

      When you register to HTB, you'll be given an OpenVPN file (it will be called as your username I think, so could be wangjack.ovpn), you need to download it. Then you run "sudo openvpn " which will create a VPN connection to the HTB network.
      Then you write "ip a" to the terminal and after the tun0 entry will be the address of your parrot box inside the HTB network. It will be different than 10.10.14.2 but will probably start with 10.10. This connection will also allow you to access all the machines.

  • @youtubeshort2068 4 years ago

    Bro how i choose correct encryption method in crypto challenge

    • @HMUP7 4 years ago +2

      practice makes you recognize what type of crypto is that, for instance ' aGkgYnVkZHkgOikgCg== ', u just know it's base64

    • @youtubeshort2068 4 years ago

      @@HMUP7 👍

    • @miltondewey573 4 years ago

      @@HMUP7 Agreed, best way to get better is just practice.

  • @yuno3364 4 years ago

    who else guessed luffys password 😂