HackTheBox - Kotarak

30,900 views

IppSec


Comments: 54
@hellsingx1 4 years ago
I learn a lot with your videos. Nice job
@ShabazDraee 4 years ago
When trying to parse the ntds using impacket, for me it gets stuck at the Target system bootkey and doesn't finish it off...
@roninjanjira9687 6 years ago
I have a problem running impacket... it keeps telling me I need 4 arguments no matter how many arguments I put
@SuperDanut 4 years ago
Great stuff! Thank you, Sir!
@spaffhazz 3 years ago
After getting and upgrading the shell, is anyone experiencing the shell freezing or slow in response?
@Retr0Kid 6 years ago
I recommend for the next box either Minion or Tally. Also, thanks for the video; it better helps me understand how CTFs work, which I'm finding very fun to do and less frustrating now.
@ippsec 6 years ago
Only do retired machines, which is based upon difficulty/release date. The ones you mentioned are close to retiring but won't be next.
@m10xde 6 years ago
Is there a way to know which machine will be retired next, before the announcement when a new machine will come?
@Retr0Kid 6 years ago
m10x.de ya, if you click on the machine it should say how old it is. I can't remember how long until it's retired, but the one on top of the list gets close to being retired
@ippsec 6 years ago
@m10x.de nope. The announcement of new page is when the retired machine is set in stone. My "early information" isn't always correct, that's why I accidentally recorded Kotarak 2 weeks ago and it was briefly posted before Node.
@Retr0Kid 6 years ago
IppSec ah thanks dude
@aaryanbhagat4852 3 years ago
I would like to know your understanding, if I would have done an all port scan using nmap I would have not thought of doing an all port scan again using ssrf, what makes you think "I should enumerate ports again using ssrf"?
@gilfer88 5 years ago
Is "authbind" something that is commonly installed on tomcat servers? How would one know if authbind is installed?
@CAlex-yk5bg 4 years ago
What linux command tells you which version of a program you are running? More importantly, think about as an administrator when you might want to give users the ability to open ports but don't want to give that user full admin rights. Web server might be a common version of that.
@wutangdaug 4 years ago
@CAlex-yk5bg I am having exactly the same wonder. Now, I thank you for pointing it out, I need a different view to think as an admin, that is a really awesome perspective to help me hacking. Thank you so much. BTW, what do you mean by your first sentence? Are you suggesting I should've checked the tomcat version where I can get a hint for authbind?
@shankaranarayana4825 4 years ago
@wutangdaug He is saying run "authbind --version" to answer "How would one know if authbind is installed?". Looks like authbind is a common program. It might've shown up if you ran LinEnum.sh or something.
@shankaranarayana4825 4 years ago
But --version does not seem to print out the version of authbind. "man authbind" shows the manpage. But there is no command to print its version. Anyhow, the point was to find out if it exists on the system, and just running the command "authbind" confirms that it is installed.
@gilfer88 5 years ago
Also, having a hard time understanding setting the listening IP to 0.0.0.0? Why is this viable for the exploit to work?
@ippsec 5 years ago
It would help if you linked to the time. My best guess is the IP Address was set to the IP of eth0, however HackTheBox utilizes tun0. Setting it to 0.0.0.0 just says all interfaces.
@mattlebutter9162 4 years ago
Well if that's representative of OSCP exam's machines this is going to be tough
@wardy540 3 years ago
It's not
@brandonevans5123 2 years ago
I have been thinking the same thing... Did you ever sit for the OSCP?
@waterlord6969 2 years ago
There was a service listed, AJP on port 8009. This might indicate that the website might be vulnerable to Ghostcat - basically LFI. Can be exploited to get Tomcat passwords
@brandonevans5123 2 years ago
I don't think this actually works in the box -- yes it is vulnerable to Ghostcat but the only file that should be able to be leaked is /WEB-INF/web.xml. Everything else is restricted.
@hozaifaowaisi1250 6 years ago
Is your name ippSec because you wanted to make IPSec more secure by adding one more p (Protection)?
@ippsec 6 years ago
Nope. Ipp's just a name I use online, but hard to register due to 3 characters either being registered or not allowed.
@striple765 5 years ago
tbh this was a nice and hard box not what you are thinking :3
@sakyb7 6 years ago
Awesome one
@aiden287 6 years ago
I feel like I saw this video just the other day... Briefly ;)
@DavidThomsenPhD 6 years ago
What's that addon/extension for Firefox you use for the proxy?
@DavidThomsenPhD 6 years ago
Found it, FoxyProxy
@Honker1337 6 years ago
There's a video of yours that has a bit in where you're running an audio analysis on a file for steganography. I am trying to find it as I cannot remember the name of the tool you used for that?
@viorage2293 5 years ago
Check out Shrek
@km0x905 6 years ago
👏👏👏
@THOTHO-ie5lz 5 years ago
Does SimpleHTTPServer tell you the user agent info? kzbin.info/www/bejne/aWnIXqauhbycq7s I tried using my Firefox to browse it, but it always returns '- -' without user agent info.
@othellomoro9658 6 years ago
tmux in tmux ... we need to go deeper ! How about fibonacci spiral made of panes? ;) good vid btw!
@celticfans1 1 year ago
Is nc on the box? You literally just used it to send the files over :)
@ippsec 1 year ago
I’d guess Regular nc, not the one with a -e flag. Comes with tcpdump I believe
@celticfans1 1 year ago
18:29 all you check is nc right?
@somerandomwithacat750 1 year ago
You mentioned log poisoning when you get a callback from the server early on. You were running a python web server and mentioned that you didn't see a user agent, so you deduced that log poisoning wasn't the solution. Python web server doesn't show user agents, iirc. Netcat does. If you want to test for user agents or to get more info when a server calls back, you should run both netcat and python
@salluc1712 4 years ago
You are so smart
@goebbelsx 6 years ago
I think the best way to do full port range scan is to use masscan tool, isn't it? I just wonder. You always use nmap for full port scan. masscan is much faster. Correct me if I'm wrong, I'm just a regular guy :D
@ippsec 6 years ago
Masscan can cause some issues in a VM and saturate network links. I generally use it if I'm looking for a particular service across a large network. However, for a port scan I prefer to do nmap, which has retries and such built in to help ensure accuracy. For single hosts, I'd prefer to wait the few minutes and have an accurate scan.
@abhishekchaudhari970 6 years ago
Thanks again for new video. Ur every video teaching me something new. Keep it up..👍👍
@yashkumar2716 6 years ago
How can I contact u?