HackTheBox - Obscurity

  • Published: Oct 21, 2024

Comments • 60

  • @DHIRAL2908 4 years ago +10

    I love when you give extra knowledge! It's really helpful and we get to learn something new 😁

  • @clubby7893 4 years ago +11

    This was my first box, and I think it shows, with unintendeds at every step. It's been a real learning experience for me though!

  • @padaloni 4 years ago

    I love the ramblings. That's one of the reasons why you are the best! Awesome walk-through bro.

  • @olivervilo 4 years ago

    I love your videos. I already owned this machine, but watching your video really helped me learn a lot of new things. Totally recommended!

  • @zeuscybersec659 4 years ago

    Guys, I need a bit of help. Is the TJ Null playlist of IppSec good for OSCP prep? I have done various VulnHub OSCP-level machines. Any other good playlist for OSCP?

  • @JuanBotes 3 years ago

    thanks for the extra explanations - awesome content as always!

  • @diegoperez458 4 years ago

    Man, what a masterclass!! Including how WEP cracking works!
    Thanks a lot for sharing your knowledge mate!!
    Amazing!!

  • @Thmyris 4 years ago

    Very much agreed on the intro, obscurity is definitely a powerful layer of security if used right.

  • @vladyslavdzhoklo2696 4 years ago

    The best explanation of the Box that you can imagine. Great job, IppSec!

  • @TheHectorshark 4 years ago +1

    I don't understand the directory traversal part. He puts /../ before the .py code, but the /../ means he's going back a directory when he needs to go forth to the develop directory. How does that work?? Does /../ mean any directory in this case??

    • @ippsec 4 years ago +1

      The SuperSecureServer script is outside of DocRoot, there just happens to be a copy of it in DOCROOT/devel. Watch it again the part when I explain how python web apps normally work

  • @Organicnz2 4 years ago

    Thanks for diving into details, it's so helpful :)

  • @geeshta 4 years ago +11

    23:28: Top 10 Anime Betrayals

  • @assafcohen3173 4 years ago

    I think it's hilarious how you easily explain super difficult things, but then your mind explodes explaining a simple concept such as MOD :) good job though, great box.

  • @secular2226 4 years ago

    Man, I just got lucky, did it yesterday. Nice box and great explanation, loved it

  • @osorin_ 4 years ago +1

    So unlucky haha, I started this as my first box yesterday, reached the secure crypt part, and when I was just about to resume the challenge today I saw it was retired. Anyway, great content as always. Thanks.

  • @veritatas678 4 years ago

    Incredible Insight you showed me. Thanks

  • @NeerajSharma-jg3yh 4 years ago

    How should I start on CTFs, not HackTheBox? Please reply!

  • @0xshaheen 4 years ago +1

    Like before watching ♥️

  • @badreddinechamkhi3785 4 years ago

    Nice content! I'm asking out of curiosity: if you are good at doing CTFs, why don't you move to bug bounty?

    • @ippsec 4 years ago +4

      Because bounties are generally low (or unpredictable) pay compared to traditional employment and dealing with people can be a pain. I view bug bounties as a way for companies to get free/cheap work and don’t really want to support them. It’s definitely nice to be able to report something when you come across it, but I’m not going to go out of my way to help a company on a promise.

  • @CsernatoniSzilard 4 years ago

    Oh man, your videos are like a good series :) love every episode :D .... I'm a beginner, but one day I'll get there :)

    • @UnknownSend3r 4 years ago

      Do you have experience in the field?

  • @alturis-t7d 9 months ago

    john cracks that root password hash in a split second

  • @onochieanyanetu6213 4 years ago +1

    When you said you didn't want us to see what's in your Download folder I died laughing!

  • @WillPlatnick 4 years ago

    Thank you ippsec!

  • @zeroordie453 4 years ago +2

    ippsec, you should start using ffuf, it's very stable and fast :D
    Also, I used bandit (the Python vulnerability analyzer) for the SuperSecureServer.py. Made my life a lot easier!

    • @dojoku88 4 years ago +1

      Nice info, do you have a good resource to start a tutorial on bandit apps?

  • @skyone9237 4 years ago +4

    I got frustrated from this box and left without solving...😔😒

  • @devloppeurinformatiquec8486 4 years ago

    I like your video guy, it's so good, I like it

  • @najibnasar7141 4 years ago

    Love your videos and thank you so much

  • @ProfessorParno 4 years ago +2

    bunch of insight i got. thanks for those inspiring stuff. hope my channel can grow as good as yours

  • @snydher 4 years ago

    Hello, thanks for your video. Btw, the -Z parameter on wfuzz continues the process after an error. I found the develop folder using this.

  • @ertertz9408 4 years ago

    still, doing *nc -q 0 your_ip port < file_to_send* on the remote box auto terminates the nc process.

  • @avinavjitgupta9682 4 years ago

    Hey, your videos are very awesome. I saw your videos, but some points I didn't get, because I am a beginner and I am starting to learn pentesting. Please give me a suggestion where to start, because it's very hard to understand all things

  • @real1cytv 4 years ago

    A clock is a really good model to visualize modulus!

    • @UnknownSend3r 4 years ago

      How so? Can't even begin to connect the two.

  • @gengsec 4 years ago

    For the web. Love it

  • @Reelix 4 years ago

    11:46 - "It's probably because it started with the hashtag"
    Owch Ipp - Just owch.
    "I run calculator and... I get a shell"
    Sounds like your average exploit PoC :p
    With the new flag system you can actually cat the flag - No need to worry about character counting it :)

  • @DHIRAL2908 4 years ago

    I think the vs code is named Codium in repos

  • @CurrentlyObsessively 4 years ago

    I used dirbuster for the first time on this box.
    At the bottom checked the box for fuzzing and used /{dir}/SuperSecureServer.py
    Found it pretty quick

  • @nkitkanjiya7241 4 years ago

    I learn a lot from you..! really appreciate it..

  • @daanbreur 4 years ago +1

    Love the videos

    • @ippsec 4 years ago +1

      Nope

    • @daanbreur 4 years ago

      @ippsec Ahh why not xD

  • @clarb027 4 years ago

    Well...that was significantly more impressive than the way I got the www-data shell. XD

  • @gabenv3.03 4 years ago

    I remember this box. One big pain in the ass is what it is.

  • @vigil33t 4 years ago +2

    Alexandrovich is a patronymic
    and is pronounced alexAndrovich

  • @PabloSilva-ph6mk 4 years ago

    47:16 lol, I see I'm not the only one who gets curious over the "why this does not work" and stop everything to find it out

  • @retnikt1666 4 years ago

    Woah, I did this one like 2 hours ago, I must have got lucky it was still online!

    • @ARZ10198 4 years ago

      Was this a free box?

  • @the_unknown8808 4 years ago

    Hero.

  • @TheHectorshark 4 years ago +2

    You could present ffuf in the next video... Like to show different tools and everything

  • @Organicnz2 4 years ago

    Alexandrovich is a Russian patronymic or middle name lol

  • @Hazeee101 4 years ago

    1:24:56 blow my mind