I'm a simple man. I see IppSec released a new video. I watch. I learn.
@sakettestsakettest80094 жыл бұрын
Honestly i haven't seen many peoples like him. Doing everything for community without expecting much in return. He will be in prayers 🙏 of many peoples.
@khalat1734 жыл бұрын
Learned a lot as always. The clave credentials where accessible during the directory bruteforce step at "/profile/index.php". Also got down the rabbit hole of trying to b64 decode it. Your way of doing it for the first 30 minutes was highly educative. The rest as well. Thanks!
@pixldznr21514 жыл бұрын
Rooted it with the sudo git pull method as well. This was a really fun box! Thanks for the vid per usual :)
@notme15814 жыл бұрын
Has the CIA/FBI ever reached out to you? Your skills are EPIC
@_mayankr4 жыл бұрын
While I don't doubt his skills are epic, he's probably doing these boxes for the second time here, for the video. And that is why he doesn't seem to struggle at all and knows what he's doing.
@tyaprak4 жыл бұрын
@@_mayankr Have you ever tried hacking a box? I think it is the superior way timewise. Otherwise videos would be like 10 hours long.
@_mayankr4 жыл бұрын
@@tyaprak I have. I completely agree with you.
@marcandrer4 жыл бұрын
I tried that "sudo git pull" for a whie when I did the box and could never figure it out... you make it look so easy :)
@blong206b4 жыл бұрын
Question? at 27:39 in the video, IppSec types in www-data@bitlab:/var/www$ cd /dev/shm It looks like he typed this into a terminal screen. I'm getting this-- bash: www-data@bitlab:var/www$: No such file or directory. I'm connected to bitlab at 10.10.10.114 My current level of hacking is: * What does CTF mean. Noob Beginner Intermediate Advanced
@deansmith50074 жыл бұрын
Great video again! love that you went down the priv esc of the git hooks and it worked, I plan to do it and follow along as you go and learn more of the gitlab/hub stuff. Keep it up! 😁😁😁😁😁😁😎😎😎😎😎😎
@tejaszarekar91454 жыл бұрын
You are the boss and from you we learn
@delta-82984 жыл бұрын
at 5:51; there is another way to find the /help directory that made more sense in my head. Knowing that gitlab isn't custom software there was a chance a CVE existed for a specific version of it. Googling how to get a gitlab version leads you to the /help directory.
@_mayankr4 жыл бұрын
The first time I earn anything through pentesting, some part of it is going to your patreon for sure.
@narainagnitra4 жыл бұрын
Hi! Great Videos. I am fairly new to the world of Linux and CTFs. I had a question regarding the terminal in Kali Linux. How do you split the terminal? This is for the default terminal in Kali. I am using Terminator for the same but I have seen your videos where you split the default terminal.
@ambatshri4 жыл бұрын
He's using tmux. I guess he's having a video showing his tmux configuration.
@gcm43124 жыл бұрын
Why did git use your version of the hook, in your directory, and not the one it previously had?
@gcm43124 жыл бұрын
I get it now. You ran a git pull on the copied repository not the original. Missed that.
@TubeSomeYou4 жыл бұрын
I could not make that damn pull request work on the box.. So nice to see it done, and kind of frustrating too :D
@mikeladan8024 жыл бұрын
I went the intended route but didn't manage to RE the .exe , which was very frustrating. So I went with the unintended route from there. Great to see I wasn't the only one struggling with the binary. Thanks IppSec for always giving insight, without your videos I would never have started with CTF - now addicted!:)
@mr.fakeman47184 жыл бұрын
Wow, best Ubuntu box so far imo. I find interesting Windows machines too, but I suffer to say the least.
@bv14954 жыл бұрын
Once again Kung fu Master level! rhanks Ippsec
@hipn00994 жыл бұрын
when you find out you were that close but didnt try harder... ;(
@wtfitsaduck._.77884 жыл бұрын
i wanna be ippsec when i grow up.. lol for real though you are a true inspiration and i hope to reach your level some day ♥
@gespoL-10 ай бұрын
O cara é bom
@БоянМихайлов-й2ж4 жыл бұрын
Thank you for your video, ippsec! I was wondering if there could be a priv-esc with git on windows box?
@roberthorn67074 жыл бұрын
In the world of Penetration Testing. How useful is being able to perform CTF's? In the wild, these vuln's are not that common. So how would you transfer these skills? Some in the PenTest world say they're totally different animals.....CTFs vs Pentests
@ippsec4 жыл бұрын
I’d say it’s super useful. Critical thinking and exploring software. This box in particular teaches a fun way to persist that I’ve never seen get automatically get flagged by any tool
@tejaszarekar91454 жыл бұрын
@@ippsec can i say gym for the mind?
@DHIRAL29084 жыл бұрын
Great one!!!
@aminhatami39284 жыл бұрын
Thank you very very much
@Danielheadbanger4 жыл бұрын
Yeah I did the unintended way because I don't have a windows machine and setting up an environment just for that exe was to much hassle for me. After seeing the privesc from user to root I am still convinced the unintended way was much more fun, especially because you can't blindly rely on gtfobins.
39:56 this VM is going slow Me : That must be Chrome :p
@michaelyadidya87424 жыл бұрын
Just a suggestion IppSec you should try VulnHub PinkyPalaceV4 it is a nice one. And also because I just can't understand the damn thing even after following walkthroughs. I really learnt a lot from your videos. Thanks
@CyberBlackHole4 жыл бұрын
Says he's not good at rev. Goes on to get the credentials.. 😅
@pixldznr21514 жыл бұрын
You could just throw it into a hex decoder online and it does the same thing... Not much reversing involved at all haha
@rlynotabot4 жыл бұрын
Some painful decoys in this one :S
@kris-hb5bv4 жыл бұрын
Ok, I need you to help me
@xxs96424 жыл бұрын
Sorry for my poor english, but you can use this tool ( output.jsbin.com/hazevo/1 ) to prettify js like 'var _0xf17f = ["(", ")", "div", ...]' . At video kzbin.info/www/bejne/fKnUZ6KQYq1grqs