HackTheBox - Ready

Рет қаралды 19,598

Күн бұрын

Пікірлер: 69

@EugeneTolbakov 3 жыл бұрын

"You guys like watching me struggle in this troubleshooting" Absolutely! It makes your videos much more exciting and personally, I've learned a lot especially from that bits! Thanks!!!

@MrTalhaarshad 3 жыл бұрын

Agreed

@maoropizzagalli4153 3 жыл бұрын

Thanks for your time and effort

@MrTalhaarshad 3 жыл бұрын

Its better to leave obsidian ! You are great, Man I love the way you handle.

@lynnlee5685 3 жыл бұрын

that gasp on 32:45 was funny

@hadrian3689 3 жыл бұрын

Oh my gooseeggs!! Totally missed that root password when I was doing this box. Thanks for the lesson ippsec!

@Gary-tp9dk 3 жыл бұрын

That was beautiful, I enjoy watching you figuring out how to prepare the POC payload..See you on the next video.

@zoes17 3 жыл бұрын

10:53 When you're not logged-in to Github, it doesn't have an SSH key on file for you so you don't see the SSH tab on the code download button.

@TheBrutaline 3 жыл бұрын

I am missing the Obisidian notes. But no worries if it's too much of a hassle.

@MrTalhaarshad 3 жыл бұрын

It makes video longer. and I lose the concentration due to obsidian.

@bidkonic 3 жыл бұрын

32:44 is me every time I successfully get some sort of shell on a box

@AUBCodeII 2 жыл бұрын

He sounds like Sheldon Cooper

@rozbrajaczpoziomow 3 жыл бұрын

Ready, set, go!

@rjceledon 2 жыл бұрын

For some reason the gitlab exploit is not working for me anymore, not sure what's going on but I've tried everything

@lumenknotty6355 Жыл бұрын

Dude I cannot get it to work either. I think there might be something wrong with the box, I walked through this video twice and still no dice. I then found the one liner, the exploit.py specifically for this box, and still nothing. It is executing correctly, and I also can verify the rev shell on my own box. Very annoying.

@tech0494 3 жыл бұрын

Love u struggling, I learn a lot ❤️🔥

@wkppp4732 3 жыл бұрын

Hahaha after knowing your exploit works for a long time is so damn satisfying

@z3us123 3 жыл бұрын

Amazing video like always. (y)

@sakthis6689 3 жыл бұрын

Hello ippsec!

@ameersabbah6407 3 жыл бұрын

Amazing Videos

@jacobwarners887 3 жыл бұрын

Coodels to goodels!

@shiffterCL 3 жыл бұрын

badass!

@LESLEYYY0 3 жыл бұрын

The docker compose only mounts the volumes in specific directories. Why is the whole disk mountable? Does that mean any docker container with root + volumes can be escalated?

@ianmoone2266 3 жыл бұрын

That Haa at 32:45 though. I can relate

@karthiksidhu7999 3 жыл бұрын

I think this was the first time you unknowingly got shocked by seeing the reverse shell.. 32:44

@iote56_laveshpashte99 3 жыл бұрын

great

@michaela5586 3 жыл бұрын

Is the stream gonna be reuploaded? Missed it

@aaxx1e7 3 жыл бұрын

Yea he ll upload on monday

@pratikmaity99 3 жыл бұрын

Thanks

@amanrawat1337 3 жыл бұрын

Can you please make a tutorial on windows privilege escalation. I am facing difficulties in understanding windows privilege escalation.

@900dm4n 3 жыл бұрын

Which keyboard switch you are using?

@masamune5710 3 жыл бұрын

Im new to this, if the import sends a req back to your local machine, how to the commands get interpreted by the server instead of being sent back to you in the request?

@girishpadia6449 3 жыл бұрын

Very interesting. Could you please list out the scripts you have used?

@shayboual1892 3 жыл бұрын

I ran linpeas on this box, and it never picked up the opt/backup folder. Does that mean that someone who previously rooted it deleted it just to mess with people? Or is there something i did wrong. And if it is number 1, would you recommend resetting any box before you attempt to hack it?

@nikohegeheiskanen 3 жыл бұрын

Did you manually check if the directory exists and what version of lineapeas are you running

@shayboual1892 3 жыл бұрын

@@nikohegeheiskanen no I did not, and version 2.8.4

@shayboual1892 3 жыл бұрын

@@nikohegeheiskanen it found the other 2 keyring folders. Just not opt/backup

@nikohegeheiskanen 3 жыл бұрын

@@shayboual1892 well you should probably check if the directory is there first :D and I'm not sure what's the latest version but just make sure that's what you are using

@shayboual1892 3 жыл бұрын

@@nikohegeheiskanen it isn't the latest version, since ippsec is running 3.1.9 in his so maybe it was that. But it does check for keyrings so I don't think so, since it picked up the other 2. Either way I'll make sure to keep my scripts updated next time

@DD-hn2jr 3 жыл бұрын

Hi @ippsec saw the stream why don't you use webcam to record ur face too And also what's the reason for the sudden face reveal today

@rozbrajaczpoziomow 3 жыл бұрын

Wait I missed the stream, was there a face reveal?

@BECSE-SSubiramaniyan 3 жыл бұрын

@@rozbrajaczpoziomow in twitch twitch/Hackthebox

@DD-hn2jr 3 жыл бұрын

@@rozbrajaczpoziomow no but in the twitch stream on hacking battleground hosted by ippsec and Hammond . ippsec showed his face

@ippsec 3 жыл бұрын

Because I don’t like to have webcam up constantly? When showing things I don’t like thinking “does my face cover this part of the screen?”

@rozbrajaczpoziomow 3 жыл бұрын

@@ippsec Oh yea I remember John Hammond has this problem sometimes.

@berndeckenfels 3 жыл бұрын

Instead of filtering the address strings, it’s smarter to filter the resolved addresses for localhost. Then you still have to deal with v6 but it’s automatically normalized

@SweatSculptSucceed 3 жыл бұрын

I did this box with zap proxy nick. It felt like i was cheating on a girlfriend not using burp LOL!! great video as always and super professional

@davereviewsyt 3 жыл бұрын

Why are you acting stupid. I know who you are. Mr hacker

@passerby184 3 жыл бұрын

wonder where user.txt would be - iirc HTB had user.txt and root.txt flag per box?

@nikohegeheiskanen 3 жыл бұрын

If I remember correctly the user.txt file was in the docker container in some users home directory

@basictodynamic6590 3 жыл бұрын

you are not giving space after pipe | that's why ping is not working 25:39

@roadtoroad7196 Жыл бұрын

Hi can anyone help me i am trying to solve the box. but when i am trying run the whoami command i am not getting any response back nor any connections is getting created to my system.