HackTheBox - Shared

Рет қаралды 20,325

Күн бұрын

Пікірлер: 23

@ejnixon Жыл бұрын

first. thx ippsec for all you do. your videos were a big help to my learning. I just finished oscp and am doing htb cpts now

@sitandstand5469 Жыл бұрын

Is there any bufferoverflow on the exam?

@ianmusyoka9717 Жыл бұрын

Am starting oscp in a month... How was the exam if it's okay to ask did you pass?

@ejnixon Жыл бұрын

@@ianmusyoka9717 i did pass

@ejnixon Жыл бұрын

@@sitandstand5469 there can be . best to be prepared for anything in course material

@joewharton7735 Жыл бұрын

Surprised nobody said this yet but congrats on the pass. Oscp is big 👌👏

@TidyDawg Жыл бұрын

It's incredibly inspiring how knowledgeable and calculated you are, thanks for another awesome walkthrough. I'm aiming for OSCP in October next year so my plan is to work through your videos taking notes and then try the boxes the next day to see if I can complete them, I'm studying on the side also.

@yudistiraarya7435 Жыл бұрын

great video as always!

@fufu_btw Жыл бұрын

One of the greatest box I rooted on HTB ! 😀 Still a great video from ippsec 😉

@SomeGuyInSandy Жыл бұрын

I learned something, thanks :)

@rdx8122 Жыл бұрын

Nothing is 100% secure, everything and every service on the internet is vulnerable from some or the other vulnerability, but its just our white hat's attack that lacks perfection somewhere, and this thing is proved by our sir 😂❤✌16:59

@FMisi Жыл бұрын

I enjoyed rooting this box. Forgot seems interesting too

@frontpage11111 Жыл бұрын

great done

@UmairAli Жыл бұрын

I have a question about SQL injection, can we use any statement other than "select" ? I mean for Example you found a sql injection but what if the select keyword is not allowed for the current user? can we not inject the website using insert into etc?

@ippsec Жыл бұрын

Your injecting into a select statement to begin with. Could search Ippsec.rocks for sql inject update to see it there.

@AUBCodeII Жыл бұрын

Yes, you can. You can train this on the box CAP from HackingClub

@UmairAli Жыл бұрын

@@ippsec please do clear this to me as a developer, if I am using mysqli_query(); function and write this: mysqli_query("select * from products where product_cat_id=1"); and when as an attacker I am injecting the parameter id=1, so this means ofcourse we are injecting into a select statement, like you're doing at 14:40, but on 14:40 , you wrote "select group_concat" means here you used the select keyword, so my question was that can we use any other keyword instead of select? like insert into () ? or update() ? this I asked because I wanted to know that is it possible that we can update or insert data using these keywords ,after breaking the query ?

@UmairAli Жыл бұрын

@@AUBCodeII link please :)

@ippsec Жыл бұрын

@@UmairAli No. Within a union statement you are limited to select.