37:33 Hackers forgetting to update their tools and companies forgetting to update their packages. Never thought I would have those two things in the same sentence :) Just joking, great video, really like the sqlmap debugging segment.
@time_to_play_007 1 year ago
That was powerful! Thanks!
@blackthorne-rose 3 months ago
After enumerating the hell outa the file system... still can't identify what HTB wants for "what is the password manager on the remote host"?
@DHIRAL2908 1 year ago
Couldn't we have just replaced the admin hash using the SQLi, and edited a PHP to get RCE?
@GajendraMahat 1 year ago
Does it work??
@0x1sac 1 year ago
That's a good idea, that technique is usually called "stacked queries". It is generally not possible to do this in a traditional SQL injection vulnerability on MySQL, as you are restricted by the context of the original query. If we could do stacked queries, it would probably have worked.
@pepemunic3661 1 year ago
like always, thanks man
@nuridincersaygili 1 year ago
Thanks for the content! When I see the foothold exploit, I expect a python script to automize the progress :)
@NeverGiveUpYo 1 year ago
Love your content dude
@_hackwell 1 year ago
I usually don't have much success with sqlmap so I end up doing the injection manually. What's the point of having a tool which needs you to specify the method and the injection point?
@randomnickname00 1 year ago
I mean, the injection point you need to know anyway, even if you do it manually. About specifying the method, you don't really have to, but it's useful if you want to try for some really specific method. Working on a time-based injection can really be a pain, for example, so you can try to search for error-based injection, union, etc.
@_hackwell 1 year ago
@@randomnickname00 when you provide a curl request to sqlmap , it should identify the injection point. Box creators tend to write code that fools sqlmap so one could easily miss a vulnerability relying only on the tool and that's what Ippsec showed in this video. Same goes with gobuster. I tend to use wfuzz instead
@ANTGPRO 1 year ago
Automation is a point.
@_hackwell 1 year ago
@@ANTGPRO yup exactly. No tool can replace a hacker 😁
@randomnickname00 1 year ago
@@_hackwell Oh, you meant this, sorry, I thought you were talking about the endpoint, like /vulnerable.php for example
@AUBCodeII 1 year ago
Ipp, you should name a box Toy Story 4
@dadamnmayne 1 year ago
would a hardcoded nonce be considered a vulnerability?
@tg7943 1 year ago
Push!
@lonelyorphan9788 1 year ago
Ippsec rocks!!! 🙂
@victorkuria4734 1 year ago
Using '-p' to specify a parameter will less than likely cause sqlmap to ever fail, instead of adding a * in the request... but again you seem to not have your tools updated xD
@ammarabu5mes271 8 months ago
What is the Kracken ? I am kinda lost here.
@Horstlicious 6 months ago
He explained (13:18-13:37) that the kracken is another box on his local network he uses, because cracking hashes in a VM is slow. He probably (just my assumption!) uses a GPU there.
@kalidsherefuddin 1 year ago
Thanks
@pranavarora250 1 year ago
How did you run hashcat so fast? I know on a VM it's slow, but it takes ages for me to run.
@magikarpslapper759 1 year ago
He's probably got it hooked up to a beefy graphics card. The difference between my CPU and my 1080 is insane.
@magikarpslapper759 1 year ago
Also I think VMs need to be configured to allow GPUs to be used. If you use a GPU with the VM, I think it can't be used for the main machine at the same time.
@gandelgerlant565 1 year ago
Exactly, you need to enable GPU pass-through to have native performance
@flrn84791 1 year ago
He obviously doesn't run it on a VM, but on a dedicated cracking machine...
@Horstlicious 6 months ago
@@flrn84791 He explained (13:18-13:37) that the kraken is another box on his local network he uses, because cracking hashes in a VM is slow.
@sams7888 1 year ago
Next the inject machine please
@yuyu-ce4fz 1 year ago
Thank
@boogieman97 1 year ago
Hi Ippsec, how would you do a jinja2 SSTI in an HTML email form, where length of input is max 60 characters and common characters used in a SSTI are not passing the email validation, like parentheses and square brackets, forward and back slashes. Any type of encoding / double encoding results in an internal server error.
@mohamedtahahnichi2738 1 year ago
First❤
@ayushprajapati9486 1 year ago
and this was an easy machine
@Fbarrett 1 year ago
Yeah, sure, after you watch him do it. 😁
@flrn84791 1 year ago
This one actually is easy, just a bunch of CVEs and password cracking, nothing hard to it, and it fits the easy category for once.