Thank you very much for the video, always learning something new! Just one thing, I got blacklisted as well while rooting the machine but came out of it in a different way. You just have to set the x-forwarded-for cookie with a different ip, that does the trick and bypasses the check, if I remember well. Just so that you know ;)
Nicolás Pérez Molina hackthebox has machines that won't find solution until they are retired. Vulnhub most of the time had solutions. That depends on what you like. Also hackthebox gives you a vpn so that's the only thing you have to download to hack the machines. On vulnhub you need to download a virtual machine and run it on your network which is better somehow,because no one restores the machine so... There are other differences btw. If you are a beginner do some easy machines on vulnhub. Hackthebox is difficult.
Amazing, did this machine two days ago and had no idea it was going to be retired the next day :"D Btw, thank you very much for those amazing videos, they're literally stacked with knowledge! I'm grateful.
I believe I had completed nibbles in under 10 minutes. I cover a lot more things in the video than I would if doing it live. Also after pretty much tearing apart one ctf box a week for a year straight, its likely that a lot of my path won't make sense because I'll already know some weird trick the author wanted to put in the box. I've thought about streaming VulnHub but would need to block out a 2-3 hour chunk of time predictably to be successful there. I'd rather just spend the time studying and creating a different non-ctf video series.
Yeah i take tons of notes when i dont understand a new term you use and research it. I really appreciate you explaining further on your videos. I figured as much considering the amount of genius level of imformation you have stored in that beautiful mind of yours. Do you take donations? If so where could i send it, because you taking the extra time to help out the InfoSec community is tremendously awe-inspiring. We cant thank you enough.
Thanks for the kind words, just pay it forward when you can. Videos are as much for me as everyone else. Unfortunately, I don’t accept donations but appreciate the offer. Luckily for me a one time donation wouldn’t really have any impact on my life so it’s hard to be as greatful as I should be. That being said it would be pretty awesome to hear about someone helping out a charity local to them. For example sending food to an no kill animal shelter.
They've put this in the latest getting started module on the academy.. lol the 'they' is you because you were in the credits.. I dunno why I'm saying this.. but yeah great module... Im just a beginner.. that module cleared a lot of ideas..
Oh there is a CVE for the image upload thing. I enden up reading the sources for the upload function and quickly spotted the vulnerability. It works because the code checks the image _after_ it has been moved into the web dir, where it throws an error and leaves the file without deleting it.
why did the local port forwarding work ... is it because the nineveh machine has connectivity to nibble. Is it possible to do the same thing using another local machine
If you would not have guessed the right password directly, you could have used x-forwarded-for to switch to a new ip for each login attempt. See github.com/cloudfoundry/gorouter/issues/179 www.dzonerzy.net/post/nibble-blog-ip-spoofing-attack
when I did nibbles I always got permission denied when trying to edit the etc/hosts file for some reason. Doing sudo -u root /path/to/monitor.sh ended up working for me. Also didn't know about RationalLove privesc, where tf did this thing pop out of? ty ipp
Hi, this one was pretty easy. Other then the password everything went smooth maybe ten minutes to complete if i knew the password? However, I've been trying to find a way to bruteforce the password with hydra but i couldn't find any way. Is there actually a way to find a password in this kind of senario?
you still stuck or did you get past it? I just followed along the HTB Academy [Getting STarted Module]. It maybe of help. One place I got stuck was escalating privileges, but that was because it was a misunderstanding on my part by reading regular message as error message :\ Anyway, good luck!
You can specify hostname in the /etc/sudoers file, so the entry is only valid on that host. Was useful before the days of DevOps, because you could just have one file across all servers and be relatively secure.
that ssh tunnel trick was awsome
Thank you very much for the video, always learning something new! Just one thing, I got blacklisted as well while rooting the machine but came out of it in a different way. You just have to set the x-forwarded-for cookie with a different ip, that does the trick and bypasses the check, if I remember well. Just so that you know ;)
"Is there something else that I can do", this phrase keeps me motivated for HTB :)
This is my first box on HTB. Learned much already from this vid. Thank you!
how the fuck do you hack one lol
start with vulnhub my guy
what diference is between hackthebox and vulnhub?
Nicolás Pérez Molina hackthebox has machines that won't find solution until they are retired. Vulnhub most of the time had solutions. That depends on what you like. Also hackthebox gives you a vpn so that's the only thing you have to download to hack the machines. On vulnhub you need to download a virtual machine and run it on your network which is better somehow,because no one restores the machine so... There are other differences btw. If you are a beginner do some easy machines on vulnhub. Hackthebox is difficult.
Nicolás Pérez Molina HTB provides online machine to attack while vulnhub give image files which you can download and attack
You are amazing... I found this channel today and learned lots 👌👍💥🔥🔥🔥🔥🔥🔥
Thanks so much! It's great to watch you do these easier machines as well. So helpful and learning tons. Thanks again!
Amazing, did this machine two days ago and had no idea it was going to be retired the next day :"D
Btw, thank you very much for those amazing videos, they're literally stacked with knowledge! I'm grateful.
i became happy and excited every time i see you upload new video :D i really do , thanks for your Knowledge
i really appreciate it
My first machine, was a great one for me
Exactly :)
Same here
like a first sex hehehe )
It's over 9000 !
Many thanks for ALL your walk-throughs!
The way you solve the machines with easy make me realize I have a long way to go.
Can appreciate the "over 9000" reference
Keep in mind: The box names on HTB have special meanings. In this case, nibbles is also the password - lol
Snitchingggg lol
password was nibbles tf how do you guess it so right
cewl the website you will get it, no need to guess
@@sriharikeerthi1480 true but there is a login attempt blacklist so you wouldnt be able to brute force the cewl output...
ipsecc: "this is a really easy box"
14 minutes later: gets locked out.
It would be awesome to have a video of you approaching an unknown box so we could understand all of your reasoning.
I believe I had completed nibbles in under 10 minutes. I cover a lot more things in the video than I would if doing it live. Also after pretty much tearing apart one ctf box a week for a year straight, its likely that a lot of my path won't make sense because I'll already know some weird trick the author wanted to put in the box.
I've thought about streaming VulnHub but would need to block out a 2-3 hour chunk of time predictably to be successful there. I'd rather just spend the time studying and creating a different non-ctf video series.
IppSec non-ctf would be good
Yeah i take tons of notes when i dont understand a new term you use and research it. I really appreciate you explaining further on your videos. I figured as much considering the amount of genius level of imformation you have stored in that beautiful mind of yours. Do you take donations? If so where could i send it, because you taking the extra time to help out the InfoSec community is tremendously awe-inspiring. We cant thank you enough.
Thanks for the kind words, just pay it forward when you can. Videos are as much for me as everyone else. Unfortunately, I don’t accept donations but appreciate the offer. Luckily for me a one time donation wouldn’t really have any impact on my life so it’s hard to be as greatful as I should be.
That being said it would be pretty awesome to hear about someone helping out a charity local to them. For example sending food to an no kill animal shelter.
IppSec _/ alright my brother. Will do, will do.
They've put this in the latest getting started module on the academy.. lol the 'they' is you because you were in the credits.. I dunno why I'm saying this.. but yeah great module... Im just a beginner.. that module cleared a lot of ideas..
Amazing job!, I'm your new follower, hope one day I do all that stuff you do...
Thank You for sharing Your Knowledge.
When I grow up, I wanna be like you man.
Which keymaps have you used to change the encoding in the burp suite?
For the better shell with autocomplete, can you type what u press please? you say FG with enter or something but tbh i dont understand xD
Thank You @IppSec ;) - deleting empty lines in Vi -> :g/^$/d OR you can use in Burp "Copy to file" ;)
you can also make an alias for this command -> :command Lines :g/^$/d after this you can call :Lines
Keep them coming IppSec ✌️
15:30 why didnt you use proxychain just before hydra?
This was my first box, did many different things but still got root :) !
nice, can't wait for nightmare
The last question you could think someone would ask you: what keyboard do you use?
Thanks for sharingh all this knowledge.
Oh there is a CVE for the image upload thing. I enden up reading the sources for the upload function and quickly spotted the vulnerability.
It works because the code checks the image _after_ it has been moved into the web dir, where it throws an error and leaves the file without deleting it.
It took sooo long for me to get user cuz I couldn’t find the admin credz
Same. Small problem, big impact!
Thanks
why did the local port forwarding work ... is it because the nineveh machine has connectivity to nibble. Is it possible to do the same thing using another local machine
Nice ippsec sr
Any idea what to do if you not guess the password?
Ssh tunel was used on potion :)
Are you able to hit the web server with a proxy chain configuration so you can bypass the lockout with multiple IP's?
He's routing traffic through another htb box he'd already solved to avoid a reset since they're on the same VPN anyway.
no way, I was trying to do this machine 10 mins ago, damn it.. lol
At 24.49 what hotkey is pressed to code the right format? - It is Ctrl-U
If you would not have guessed the right password directly, you could have used x-forwarded-for to switch to a new ip for each login attempt.
See github.com/cloudfoundry/gorouter/issues/179
www.dzonerzy.net/post/nibble-blog-ip-spoofing-attack
Nice Catch! Didn't even think to check for that type of attack.
when I did nibbles I always got permission denied when trying to edit the etc/hosts file for some reason. Doing sudo -u root /path/to/monitor.sh ended up working for me. Also didn't know about RationalLove privesc, where tf did this thing pop out of? ty ipp
I wandered through open directories and found image.php which was a somebody else's shell with GUI. Used that to get user. Lol !
🤔🤔 awsome.
Whats the best to create methodology likh you.
Seriously awsome and so fast
password nibbles WTF ?
Make sure you spell monitor.sh right as well as have it in the dir /home/nibbler/personal/stuff$
This might be something that changed but how are you executing that other shell file? if only "monitor.sh" can actually run without being root?
Hi, this one was pretty easy.
Other then the password everything went smooth maybe ten minutes to complete if i knew the password?
However, I've been trying to find a way to bruteforce the password with hydra but i couldn't find any way.
Is there actually a way to find a password in this kind of senario?
How to find the ssh credentials for DevOops???
Looking for my first machine to work on. Thinking this is a great place to start?
where do we copy /opt/shell/php/cmd.php from
Why don't you wanna use metasploit?
Ippsec master teach me your way
i cannot for the life of me get a reverse shell on this machine even when i follow this tutorial
you still stuck or did you get past it? I just followed along the HTB Academy [Getting STarted Module]. It maybe of help. One place I got stuck was escalating privileges, but that was because it was a misunderstanding on my part by reading regular message as error message :\ Anyway, good luck!
why does sudo checks the hostname/ip?
You can specify hostname in the /etc/sudoers file, so the entry is only valid on that host. Was useful before the days of DevOps, because you could just have one file across all servers and be relatively secure.
i hate using vi. the enter doesnt work and i keep getting weird strings of characters when i hit esc or insert. can anyone help me with this?
Install VIM.
@@ippsec what if the user cant use apt?
Nibble
Hm, I found the username by guessing.
Please no guessing passwords, that's dumb af. Either there is a way or there isn't... guessing shouldn't be part of a box.
Tutorial: Just guess the admin password lol
h4x0r3
@@rickjames3034 think again... It's right in front
The day I owned root this machine got retired😥😥
baffled by how this is an "easy" machine and basically you have five tries to GUESS a password... wth.
password nibbles ?..oops
I owned it in a different way 0.O
How ?
Calm down. Too fast for my brain.
How about a face reveal video ?
I don't believe that will happen. I'd prefer not to be recognized when I go to conferences.
so instead you let a confused Ray Romano get harrassed by infosec nerds XD
Password is "nibbles"
Thanks
thanks