Wow, I really thought the admin session stealing was the intended way and Pwnkit was the unintended, the more you know! Thanks for the video!
@iamnoob72672 жыл бұрын
Lots of love from a oscp dreamer boy from india...... 💌
@danjo1332 жыл бұрын
Great video as always! Would recommend the tool 'q' for writing sql queries against csv-like files/output, very powerful! Nice tip with snmpbulkwalk, I just found what I wanted in the nmap sC output and stopped there. :)
@blankdash_80872 жыл бұрын
Hey ipp, you've made quite some improvements in the way you present. Specially with the font size, If you can change the font to FIra Code Semi Bold the appearance will look much nicer. Moreover fonts like FIra Code, COmics Sans help people with dyslexia and astigmatism read more clear and reduce their chance of getting a head ache while watching your videos.
@h4cker2 жыл бұрын
You deserve more than million subscribers 🙂❤️
@AvinashKumar-fe8xb2 жыл бұрын
why did you put "data"(id_usuario|s:5:"admin";) column in 3rd place(select 1,2,data). when sqlmap is clearly is showing it's 2nd column. Isn't it logical to follow correct column match. I struggled with it that's why asking. After matt login we can confirm that data is actually 3rd column in database, somehow sqlmap shows it in the incorrect order. Post root insights were useful for why this box was so weird.
@readysetexploit2 жыл бұрын
I had the same question. If you look at sqlmap, as the information is being printed out vertically at first, it displays the columns correctly. But once they actually get printed out, sqlmap places them incorrectly. I am not sure why it happens but it could be one of those “don’t always trust automated tools”
@Xx-nd1rs Жыл бұрын
you could try 'trial-and-error' and put the 'id_usuario|s:5:"admin";' in the first and second column you will see it gives you 'Access is not granted' .
@rakutenleo50572 жыл бұрын
That's really great video and the detail explain about the step, thanks for this video. but I have one question about the final step in create ssh connection, why the 'sudo -l ' can execute after ssh connect but it will failed when using php reverse shell ? thank you .
@yurilsaps2 жыл бұрын
Loved so much this box
@blackthorne-rose2 ай бұрын
O.k. at 21:16 i have no idea what you did there... "if squiggly C is the first line on your ssh prompt"??? HUH? how did even get an ssh prompt there?
@securiti2 жыл бұрын
Thanks for the content, ippsec and for sharing your knowledge with the community! The machine was pretty straightforward. Personally, I've struggled with the inital foothold, because I've skipped the UDP scan in the enumeration phase. Finding the unauthenticated exploit / blog post the hardest part of the box imo. Interesting! Didn't know about the unintended path via admin session stealing. Cheers
@blackthorne-rose2 ай бұрын
I went and uncommented "EscapeChar ~" in my ssh_config file, and restarted the ssh session... however doing the ~C sequence simply leads to a message "commandline disabled"...
@angeltodorov4577Ай бұрын
yeah bro idk either
@lucasrodriguez37952 жыл бұрын
hey ippsec, you think you could install or create something that logs all the commands you do? sometimes i like to talk about you with some of my friends and showing what commands you use can be frustrating to find. thank you
@recon0x7f162 жыл бұрын
how are you connected to pandora i cant figure out how to do this
@massylii2 жыл бұрын
Love u man
@servermadum7297 Жыл бұрын
yes it is easy box :)
@qd25002 жыл бұрын
thanks a lot bro
@Xx-nd1rs Жыл бұрын
thanks appsec you’re the best as always. is there a way to find 'id_usuario|s:5:"admin";' without sqlmap? since it is not allowed on the oscp.
@muhammadghareeb3992 жыл бұрын
nice
@plushplush76352 жыл бұрын
ok got my answer about ssh mode
@FrancescoBellei2 жыл бұрын
I don't get it, can u explain? How did he get the ssh mode and which keys should I press? thx :)
@plushplush76352 жыл бұрын
you press ~ then C
@ChristopherPelnar2 жыл бұрын
@@FrancescoBellei It wasn't working for me at first. Then I entered in "ssh ~C" and pressed enter. The result was an error message: "ssh: Could not resolve hostname ~c: Name or service not known". Immediately after that I just typed "~C" and without pressing enter, I was taken into the "ssh>" menu. Weird and I don't know why, but it worked.
@ssfdf77512 жыл бұрын
First!
@FMisi2 жыл бұрын
05:10 - Using nmap to scan NMAP you mean SNMP
@iwanabemw2 Жыл бұрын
"Easy" Box
@razmjumehdi90692 жыл бұрын
Excuse me. I can't find the "Pandora Room". Please send me the Room ;)
@blackthorne-rose2 ай бұрын
so... i'm doing the port forward in my initial ssh command... we'll see how this goes... lol
@blackthorne-rose2 ай бұрын
yep. wonder wtheck is wrong with my escape character business..
@ellerionsnow33408 ай бұрын
When you dont have strings: grep -a -Eo '[[:print:]]{4,}' filename
@yurilsaps2 жыл бұрын
usuario can be Spanish or Portuguese ;)
@kosmonautofficial2962 жыл бұрын
ayo
@rozbrajaczpoziomow2 жыл бұрын
Haiio
@sand3epyadav2 жыл бұрын
Wawoo, blacklisted....
@x.plorer2 жыл бұрын
Please make shorter videos, 1 hr is huge 😥
@r4nd0m4rest Жыл бұрын
Thank you for this and all your videos @IppSec. I am running into problems with the public-private key usage for the user matt. I have followed your steps multiple, but whenever I try (ssh -i matt matt@10.10.11.136) to ssh from my Kali machine to Pandora machine using the private key I created it always asks for a password. Has anyone else ran into this problem? Any help from anyone would be greatly appreciated.
@Cyber-Mantra6 ай бұрын
Yes, i am facing the same problem..Even reset the machine a coupe of times but not sure why its not working...
@plushplush76352 жыл бұрын
yes snmp ! when printer has "Access" as "50 00 41 00 53 00 53 00 57 00 4f 00 52 00 44,00,00,00"