Interview with InsiderPHD, PowerSIEM video, Altered and Shibboleth walkthroughs, all in one week! Thank you for all your hard work and dedication Ippsec
Hi Ippsec! Thank you so much for your videos! Just wanted to say: When your reverse shell in Zabbix kept dying, there is a far easier way than doing this double-shell stunt. The second parameter of the system.run[command,mode] can be used for that. If you had set it to nowait, Zabbix would have started your shell without waiting for the command to return (thereby killing it), so it would keep running in the background ;)
I found the hash and then was stuck trying to get a shell with ipmi using the SOL command. I thought I had enumerated everything but I missed the V Host. Once I saw that as the next step I got all the way to checking the sql version, down to googling for exploits and just went right over the exploit. Frustrated I had it! But didn't look hard enough at first. Thanks so much for another great video.
There is another way a bit easier to get shell through the Zabbix. In Administration > Scripts panel you can just create or edit/clone some script and put the bash reverse shell there. Then the script can be executed by clicking in the host in Monitoring > Hosts.
Cool, thanks! Good to note! For this box, I don't think the user you log in as has access to the Administration menu though. It seems the user is a "Zabbix Admin" rather than "Zabbix Super Admin", and so lacks access to that menu.
Shibboleth was such a good machine experience. I really enjoyed it. Took me longer than expected :) Didn't want to abuse sudo since it is not intended way. EDIT: seems it wouldn't work anyway lol
Awesome walkthrough as usual. For connecting to mysql, you can give password in command line (thought not good practice :) ). You cannot have space between '-p' and password and then it will work
In your opinion, Blackarch linux better than Kali or Parrot? or Blackarch linux is a positiv point for me, when i am looking for a job opportunity related to Penetration Tester?
Great video as always :) I have a real pentest scenario where I have to do a double shell because the process terminates. Unfortunately your method of double shell didn't work as well. Is there any other alternative?
Interview with InsiderPHD, PowerSIEM video, Altered and Shibboleth walkthroughs, all in one week! Thank you for all your hard work and dedication Ippsec
Hi Ippsec! Thank you so much for your videos! Just wanted to say: When your reverse shell in Zabbix kept dying, there is a far easier way than doing this double-shell stunt. The second parameter of the system.run[command,mode] can be used for that. If you had set it to nowait, Zabbix would have started your shell without waiting for the command to return (thereby killing it), so it would keep running in the background ;)
That worked great! Thank for the tip.
I found the hash and then was stuck trying to get a shell with ipmi using the SOL command. I thought I had enumerated everything but I missed the V Host. Once I saw that as the next step I got all the way to checking the sql version, down to googling for exploits and just went right over the exploit. Frustrated I had it! But didn't look hard enough at first. Thanks so much for another great video.
There is another way a bit easier to get shell through the Zabbix. In Administration > Scripts panel you can just create or edit/clone some script and put the bash reverse shell there. Then the script can be executed by clicking in the host in Monitoring > Hosts.
Cool, thanks! Good to note!
For this box, I don't think the user you log in as has access to the Administration menu though. It seems the user is a "Zabbix Admin" rather than "Zabbix Super Admin", and so lacks access to that menu.
Shibboleth was such a good machine experience. I really enjoyed it. Took me longer than expected :) Didn't want to abuse sudo since it is not intended way. EDIT: seems it wouldn't work anyway lol
Great narrative. Thank you for sharing!
I tried the ssh key and found that you needed to be root to activate the service lol thanks Ippsec for this walk-through. Learned a lot from this.
Awesome walkthrough as usual. For connecting to mysql, you can give password in command line (thought not good practice :) ). You cannot have space between '-p' and password and then it will work
43:03 the private /tmp is a mount_namespaces(7)
You should do a video on your parrot box, they have changed it since and it's not as nice looking.
In your opinion, Blackarch linux better than Kali or Parrot? or Blackarch linux is a positiv point for me, when i am looking for a job opportunity related to Penetration Tester?
finally🥰thanks
As usual, thanks for the knowledge! When I did the box I did not have privileges to write to /dev/shm? However /tmp/ worked fine in my case.
how do you remember all command flags....
muscle memory
he's only done it 15000 times
Great video as always :) I have a real pentest scenario where I have to do a double shell because the process terminates. Unfortunately your method of double shell didn't work as well. Is there any other alternative?
If you search Ippsec.rocks for nohup, you’ll see me do it correctly there on a different zabbix box 😂
@@ippsec thanks for the fast response. I tried nohup, but unfortunately it dies as well.
Still don't understand how you'd supposed to know the usage of IPMI
💪😍❤️💋
🎃 🥧 #1
Should have IPMI on kracken... 😂
I do have a ilo on it 😂 just always forget the ip, so it’s quicker to just push a button
1st comment