I'm a simple man. I see IppSec released a new video. I watch. I learn.

Learned a lot as always. The clave credentials where accessible during the directory bruteforce step at "/profile/index.php". Also got down the rabbit hole of trying to b64 decode it. Your way of doing it for the first 30 minutes was highly educative. The rest as well. Thanks!

Rooted it with the sudo git pull method as well. This was a really fun box! Thanks for the vid per usual :)

Has the CIA/FBI ever reached out to you? Your skills are EPIC

I tried that "sudo git pull" for a whie when I did the box and could never figure it out... you make it look so easy :)

Question? at 27:39 in the video, IppSec types in www-data@bitlab:/var/www$ cd /dev/shm It looks like he typed this into a terminal screen. I'm getting this-- bash: www-data@bitlab:var/www$: No such file or directory. I'm connected to bitlab at 10.10.10.114 My current level of hacking is: * What does CTF mean. Noob Beginner Intermediate Advanced

Great video again! love that you went down the priv esc of the git hooks and it worked, I plan to do it and follow along as you go and learn more of the gitlab/hub stuff. Keep it up! 😁😁😁😁😁😁😎😎😎😎😎😎

You are the boss and from you we learn

at 5:51; there is another way to find the /help directory that made more sense in my head. Knowing that gitlab isn't custom software there was a chance a CVE existed for a specific version of it. Googling how to get a gitlab version leads you to the /help directory.

The first time I earn anything through pentesting, some part of it is going to your patreon for sure.

Hi! Great Videos. I am fairly new to the world of Linux and CTFs. I had a question regarding the terminal in Kali Linux. How do you split the terminal? This is for the default terminal in Kali. I am using Terminator for the same but I have seen your videos where you split the default terminal.

Why did git use your version of the hook, in your directory, and not the one it previously had?

I could not make that damn pull request work on the box.. So nice to see it done, and kind of frustrating too :D

I went the intended route but didn't manage to RE the .exe , which was very frustrating. So I went with the unintended route from there. Great to see I wasn't the only one struggling with the binary. Thanks IppSec for always giving insight, without your videos I would never have started with CTF - now addicted!:)

Wow, best Ubuntu box so far imo. I find interesting Windows machines too, but I suffer to say the least.

Once again Kung fu Master level! rhanks Ippsec

when you find out you were that close but didnt try harder... ;(

i wanna be ippsec when i grow up.. lol for real though you are a true inspiration and i hope to reach your level some day ♥

O cara é bom

Thank you for your video, ippsec! I was wondering if there could be a priv-esc with git on windows box?

In the world of Penetration Testing. How useful is being able to perform CTF's? In the wild, these vuln's are not that common. So how would you transfer these skills? Some in the PenTest world say they're totally different animals.....CTFs vs Pentests

Great one!!!

Thank you very very much

Yeah I did the unintended way because I don't have a windows machine and setting up an environment just for that exe was to much hassle for me. After seeing the privesc from user to root I am still convinced the unintended way was much more fun, especially because you can't blindly rely on gtfobins.

wow!

Thanks Ipp!

Nice Explanation 👌 💨💻 #AlwaysTrainYourMindToKeepLearning....!!

39:56 this VM is going slow Me : That must be Chrome :p

Just a suggestion IppSec you should try VulnHub PinkyPalaceV4 it is a nice one. And also because I just can't understand the damn thing even after following walkthroughs. I really learnt a lot from your videos. Thanks

Says he's not good at rev. Goes on to get the credentials.. 😅

Some painful decoys in this one :S

Ok, I need you to help me

Sorry for my poor english, but you can use this tool ( output.jsbin.com/hazevo/1 ) to prettify js like 'var _0xf17f = ["(", ")", "div", ...]' . At video kzbin.info/www/bejne/fKnUZ6KQYq1grqs