HackTheBox

HackTheBox - Cap

Рет қаралды 23,531

Күн бұрын

Пікірлер: 44

@spencerroth7885 3 жыл бұрын

Hey Ippsec, one thing that you didn’t mention when doing code review of the flask app (before linpeas finished running) you can see that the ‘command’ variable is actually set to “Python3 -c ‘import os; os.setuid(0) …’” since we know that tcpdump needs to run with root permissions this would be a direct giveaway that Python has suid capability without needing to ever parse through all of the linpeas output :) great vid!!

@skinnyelephant7351 3 жыл бұрын

what can one do with this information ? “Python3 -c ‘import os; os.setuid(0) …’” didnt get your point ?

@berndeckenfels 3 жыл бұрын

@@skinnyelephant7351 it means the process sets effective user to root, which it can only do if running suid already

@vosnet-cyber6014 3 жыл бұрын

There's even a comment in the code suggesting that the way they are doing it is a "hacky solution". So gives you more of a clue this is what you need to look at. I didn't use linpeas when doing this box personally because of finding exactly what Spencer is saying in the code.

@jameslee6284 2 жыл бұрын

Great video Ippsec - thank you so much for the detailed overview, your breakdown including basics for each video is really helpful too.

@player-admin 3 жыл бұрын

video under 30 minute took me 2 hours to google stuff i didnt knew about, great content as always

@pradohimself 3 жыл бұрын

The follow TCP stream blew my mind. Thanks ippsec

@CurrentlyObsessively 3 жыл бұрын

Hey Ippsec, you have used the oA flag for nmap in many, many videos and I was wondering if you had ever done a video that required one of the other two extensions? I can see the obvious guess as to where they'd be useful, but I am curious whether or not you had done a video for an example of such a case.

@TsukiCTF 3 жыл бұрын

I took a break from HTB but still watching ippsec :^)

@howtobecometoolkit 3 жыл бұрын

same

@albrmagawi 3 жыл бұрын

He is too fast that the Machine isn't even retired 😂😂

@oriel360 3 жыл бұрын

great content as always thanks for the vid

@lawaace1056 3 жыл бұрын

Great work as usual dude , hope u do a Q&A some time . Thanks

@aaryanbhagat4852 3 жыл бұрын

Nice video, will you ever do a Q&A.

@Mr_Chr1S_0 Ай бұрын

Thanks man. Fantastic videos

@wizcactus2223 3 жыл бұрын

How many years it took for you to understand this.i can see you know where to look for and what things need to be looked.

@pa-vl1kg 3 жыл бұрын

Hi ippsec, 05:39 in django you can disable admin from the setting, so I would keep that in mind when guessing flask or django.

@ippsec 3 жыл бұрын

Thanks! Not sure I've really seen anyone do that ha.

@theplant4046 2 жыл бұрын

At 11:07 what the different between ftp and ssh they look same to me

@skyfeelan Ай бұрын

- ftp is only for file transfer, with ssh, you can do so much more - yeah they look similar, ftp will have ftp in the console, while ssh will show username and IP

@clarb027 3 жыл бұрын

You can move to the next TCP stream without having to close it each time! Saves exiting again and again. 🤣

@yahiamito6339 3 жыл бұрын

Keep up the good work 👌👍

@sand3epyadav 3 жыл бұрын

You remembered your sunday box, you have mentioned, hydra was not working, because old box. You have used patator tool, but when i used hydra was working for some time really sir.....

@memedaddyz Ай бұрын

how could someone come up to this manually?

@chintusharma1 3 жыл бұрын

Can you please provide link of challenge.

@zackma 3 жыл бұрын

Is "download passwd and shadow file, then crack root password with JTR" another way?

@vosnet-cyber6014 3 жыл бұрын

Not really an option, because as a standard user you can't read the shadow to download it

@fowzmasood23 3 жыл бұрын

When will ippsec fix that Firefox Google search thing? 😂

@ssejjengoisaac5144 3 жыл бұрын

it's been like that almost the whole year 😂,He is a great person.

@fowzmasood23 3 жыл бұрын

@@ssejjengoisaac5144 no doubt on his greatness. 👌👌

@Lacsap3366 Жыл бұрын

IDOR stands for Insecure Direct Object Reference, not Direct Object Reference ;)

@Pwdec Жыл бұрын

Pls don't use the linpeas :( manual privesc :x

@pythonxsecurity8287 3 жыл бұрын

PLaiz Bro The Next Vidio "stacked" machine insane level Plaiz Bro Plaiz

@hadrian3689 3 жыл бұрын

Stacked is not retired yet. He only posts videos of retired boxes

@sand3epyadav 3 жыл бұрын

Contact james hooker sir... we fared...

@thev01d12 3 жыл бұрын

Stacked is insane but atleast try to get the user watching walkthroughs without trying won't improve you, this is the 3rd insane box i solved without getting any help and the user isn't even that hard.

@pythonxsecurity8287 3 жыл бұрын

@@thev01d12 i havea shell bute a root h'is so hard

@civilengineer610 3 жыл бұрын

Hello sir your channel is amazing ,i have a request from you .May you to reduce the keyboard volume ? Thank you very much ...

@ippsec 3 жыл бұрын

I'll see if other people ask and try to figure something out... There isn't exactly a toggle on my keyboard to adjust sound, can try moving the mic but I'm already close to "eating the mic". I figured most people enjoy the sound, not sure why but I do.

@TsukiCTF 3 жыл бұрын

@@ippsec I enjoy the keyboard asmr. Im sure lots of others as well

@padaloni 3 жыл бұрын

@@ippsec I'm a fan of the mechanical keyboard sound. please dont "turn the keyboard" volume down :)

@player-admin 3 жыл бұрын

@@ippsec the keyboard is amazing :]

@b3twiise853 3 жыл бұрын

@@ippsec I loooove the sound of a keyboard