Hey Ippsec, one thing that you didn’t mention when doing code review of the flask app (before linpeas finished running) you can see that the ‘command’ variable is actually set to “Python3 -c ‘import os; os.setuid(0) …’” since we know that tcpdump needs to run with root permissions this would be a direct giveaway that Python has suid capability without needing to ever parse through all of the linpeas output :) great vid!!
@skinnyelephant73513 жыл бұрын
what can one do with this information ? “Python3 -c ‘import os; os.setuid(0) …’” didnt get your point ?
@berndeckenfels3 жыл бұрын
@@skinnyelephant7351 it means the process sets effective user to root, which it can only do if running suid already
@vosnet-cyber60143 жыл бұрын
There's even a comment in the code suggesting that the way they are doing it is a "hacky solution". So gives you more of a clue this is what you need to look at. I didn't use linpeas when doing this box personally because of finding exactly what Spencer is saying in the code.
@jameslee62842 жыл бұрын
Great video Ippsec - thank you so much for the detailed overview, your breakdown including basics for each video is really helpful too.
@player-admin3 жыл бұрын
video under 30 minute took me 2 hours to google stuff i didnt knew about, great content as always
@pradohimself3 жыл бұрын
The follow TCP stream blew my mind. Thanks ippsec
@CurrentlyObsessively3 жыл бұрын
Hey Ippsec, you have used the oA flag for nmap in many, many videos and I was wondering if you had ever done a video that required one of the other two extensions? I can see the obvious guess as to where they'd be useful, but I am curious whether or not you had done a video for an example of such a case.
@TsukiCTF3 жыл бұрын
I took a break from HTB but still watching ippsec :^)
@howtobecometoolkit3 жыл бұрын
same
@albrmagawi3 жыл бұрын
He is too fast that the Machine isn't even retired 😂😂
@oriel3603 жыл бұрын
great content as always thanks for the vid
@lawaace10563 жыл бұрын
Great work as usual dude , hope u do a Q&A some time . Thanks
@aaryanbhagat48523 жыл бұрын
Nice video, will you ever do a Q&A.
@Mr_Chr1S_0Ай бұрын
Thanks man. Fantastic videos
@wizcactus22233 жыл бұрын
How many years it took for you to understand this.i can see you know where to look for and what things need to be looked.
@pa-vl1kg3 жыл бұрын
Hi ippsec, 05:39 in django you can disable admin from the setting, so I would keep that in mind when guessing flask or django.
@ippsec3 жыл бұрын
Thanks! Not sure I've really seen anyone do that ha.
@theplant40462 жыл бұрын
At 11:07 what the different between ftp and ssh they look same to me
@skyfeelanАй бұрын
- ftp is only for file transfer, with ssh, you can do so much more - yeah they look similar, ftp will have ftp in the console, while ssh will show username and IP
@clarb0273 жыл бұрын
You can move to the next TCP stream without having to close it each time! Saves exiting again and again. 🤣
@yahiamito63393 жыл бұрын
Keep up the good work 👌👍
@sand3epyadav3 жыл бұрын
You remembered your sunday box, you have mentioned, hydra was not working, because old box. You have used patator tool, but when i used hydra was working for some time really sir.....
@memedaddyzАй бұрын
how could someone come up to this manually?
@chintusharma13 жыл бұрын
Can you please provide link of challenge.
@zackma3 жыл бұрын
Is "download passwd and shadow file, then crack root password with JTR" another way?
@vosnet-cyber60143 жыл бұрын
Not really an option, because as a standard user you can't read the shadow to download it
@fowzmasood233 жыл бұрын
When will ippsec fix that Firefox Google search thing? 😂
@ssejjengoisaac51443 жыл бұрын
it's been like that almost the whole year 😂,He is a great person.
@fowzmasood233 жыл бұрын
@@ssejjengoisaac5144 no doubt on his greatness. 👌👌
@Lacsap3366 Жыл бұрын
IDOR stands for Insecure Direct Object Reference, not Direct Object Reference ;)
@Pwdec Жыл бұрын
Pls don't use the linpeas :( manual privesc :x
@pythonxsecurity82873 жыл бұрын
PLaiz Bro The Next Vidio "stacked" machine insane level Plaiz Bro Plaiz
@hadrian36893 жыл бұрын
Stacked is not retired yet. He only posts videos of retired boxes
@sand3epyadav3 жыл бұрын
Contact james hooker sir... we fared...
@thev01d123 жыл бұрын
Stacked is insane but atleast try to get the user watching walkthroughs without trying won't improve you, this is the 3rd insane box i solved without getting any help and the user isn't even that hard.
@pythonxsecurity82873 жыл бұрын
@@thev01d12 i havea shell bute a root h'is so hard
@civilengineer6103 жыл бұрын
Hello sir your channel is amazing ,i have a request from you .May you to reduce the keyboard volume ? Thank you very much ...
@ippsec3 жыл бұрын
I'll see if other people ask and try to figure something out... There isn't exactly a toggle on my keyboard to adjust sound, can try moving the mic but I'm already close to "eating the mic". I figured most people enjoy the sound, not sure why but I do.
@TsukiCTF3 жыл бұрын
@@ippsec I enjoy the keyboard asmr. Im sure lots of others as well
@padaloni3 жыл бұрын
@@ippsec I'm a fan of the mechanical keyboard sound. please dont "turn the keyboard" volume down :)