HackTheBox - Spectra
Рет қаралды 30,390
Күн бұрын00:00 - Start
01:00 - Nmaping the box
03:00 - Checking out the web pages, discovering Wordpress
04:00 - Getting the username of wordpress by looking at the blog post author
06:30 - Running WpScan with Plugins-detection
08:25 - Finding an open directory on the testing site, accessing a backup
09:15 - Attempting to login with MySQL but cannot due to the account only being allowed on localhost
12:30 - Logging into wordpress with administrator and the devteam01 password
13:25 - Getting a shell through WordPress by editing an unused theme
15:50 - Failing to get a reverse shell...
19:30 - Using a common PHP Reverse Shell
20:45 - Discovering we are on a ChromeBook
24:50 - Discovering a password in autologin
26:30 - Using the password with local users on the box
27:10 - Logging in with Katie then seeing she can run sudo initctl
31:20 - Failing to play with init files, switching to a simpler method of testing code exec
32:15 - Putting a python reverse shell inside of init and getting root
@Jake-nh4ek 3 жыл бұрын
When you used "less" and "vim" to view the "wpscan" output, it showed the colour codes: [32m[+][0m etc. If you read the file with "less -r" it will intepret those colour codes and display the pretty colour like in stdout :)
@DHIRAL2908 3 жыл бұрын
Oh yeah I usually use "more" to see it!
@cyberfreak2268 3 жыл бұрын
Hi ippsec, your videos are bypassing the learning curve! Thanks for the efforts here I am with no basic knowledge of linux programming networking, playing HTB and learning hell new things!
@Aryan_86 3 жыл бұрын
Which software ues
@Ms.Robot. 3 жыл бұрын
Very smart choices. This is helping me in my college classes.
@sechvnnull1524 3 жыл бұрын
Amazing job as usual and learned a few additional things that I hadn't tried before! Thank you!
@oriel360 3 жыл бұрын
thank you so much for your content keep up the good work!
@k_xx 3 жыл бұрын
Excellent as always!
@medoangel8370 3 жыл бұрын
The sticky bit is called a sticky bit cause it prevents users from deleting or renaming the files in the directory that has it
@InsomniaFire 3 жыл бұрын
Nice video Ipp! Looks like the chmod would have worked but nice to see a method where a root shell hits a listener :)
@Ms.Robot. 3 жыл бұрын
Very educational. Love it.
@hackersworld2974 3 жыл бұрын
The netcat reverse shell would have worked, it's just that u forgot to see that there is an extra 10 in the IP. It was supposed to be 10.10.14.2 , you wrote it as 10.10.10.14.2 !!!
@p4nz9r60 3 жыл бұрын
I said it once and I'm saying it again: when Ippsec stops making typos in his videos, I'll stop watching his content!
@ryuparish8851 2 жыл бұрын
THANK YOU SO MUCH FOR SHOWING HOW TO DISABLE THE FIREFOX KEYWORDS!!! That has probably been the biggest annoyance in htb since macos is finnicky with dns resolution and testing domains when firefox keeps taking you to google is uber-annoying!
@MrMeLaX 3 жыл бұрын
Thank you for your work.
@bulmavegeta23 3 жыл бұрын
excelente explicación, me perdí en un para de pasos que hiciste pero buenísimo.
@kasuntechtest8871 3 жыл бұрын
Thank you .... Master !!!
@nullnull6032 3 жыл бұрын
at 19:59, from where did you get that xclip-selection command, was it copied before, or is it a shortcut you are using?
@ippsec 3 жыл бұрын
I have it in a tmux config. Think it was the attended video
@Ali-em7lo 3 жыл бұрын
Hey @ippsec you got any refenrce to make tmux easier to use since I'm trying to integrate it but it still giving me hardtime, I need something to split my pane and create new bash tab for convenience.
@wisdomovermoney3394 2 жыл бұрын
How do you setup a static ip for the reverse shell to start connection to your machine?
@S2eedGH 2 жыл бұрын
Great Walkthrough, but may I ask why you always use port 9001 in reverse shells?
@ippsec 2 жыл бұрын
Because it’s over 9000. Really no reason just a meme
@ziaratorres1988 2 жыл бұрын
At the end when i'm editing the /etc/init/test.conf i'm finding that my changes aren't being kept. . . . I have the netcat listener waiting and when I start the test service nothing happens. I stop the test job and have to re-edit the test.conf because it reverted back to the original... I'm not sure what I'm doing wrong :-(
@pwndumb2903 3 жыл бұрын
Amazing video. you put chmod +s in /bin/dash and not in /bin/bash
@ardiansyahrukua3020 3 жыл бұрын
Awesome
@harshilshah980 3 жыл бұрын
I don’t get it why you’re so underrated!!
@MiguelLopez-ox9ld 3 жыл бұрын
a hacker being organised Using OBSIDIAN! niceee
@mohameai5997 3 жыл бұрын
when i was doing this box some one remove root.txt so i gave up
@marekkozlovsky586 3 жыл бұрын
nice. I have to wonder how much easier it would be if you didn't make so many typos :) (5-octet IP address, bash x dash ...)
@ippsec 3 жыл бұрын
😂 that would explain things. But least there’s troubleshooting of things ever don’t just work
@sakthis6689 3 жыл бұрын
12:03 😂😂
@pl7771 2 жыл бұрын
can someone please explain function system($_REQUEST['ippsec']) ??
@ippsec 2 жыл бұрын
It's PHP Code, System() means run system command.... $_REQUEST gets the variable name (what is in [], in this case ippsec) from the POST or GET parameter... So your saying go get $ippsec and run it as a system command.
@pl7771 2 жыл бұрын
@@ippsec aha so in the url field you are assigning whoami to $ippsec variable, and request this variable through system(), now I got this, and this makes me happy, thank you. (Correct me if I'm wrong).
@sand3epyadav 3 жыл бұрын
We know about all method but during pentest we forget all thin
@wahabwahab2042 2 жыл бұрын
are you sure this is an easy bro !? man i felt down after i saw this job done to fix the "to be said easy " lab
@joshuavaccaro1347 2 жыл бұрын
Hey Ippsec this is the video you changed firefox setting, 11:43
@ippsec 2 жыл бұрын
Yeah I could change it back, but I’ve grown to like it
@theone4808 3 жыл бұрын
IppSec Sensei
@NatabuAzamari 3 жыл бұрын
31:05 you chmod /bin/dash then ls /bin/bash. oops :)
@asiffaizal6158 3 жыл бұрын
Thanks man
@grzegorztlusciak 2 жыл бұрын
Great vid as usual! Just small thing: 09:16 - the login was “devtest” but you wrote “devteam” 31:16 you said "bin/dash" but wrote "bin/bash"
@evke 3 жыл бұрын
you could got shell with just chmod +s /bin/bash and ls -la /bin/bash
@udaybalaji185 3 жыл бұрын
Hi bro I'm. Pure beginner so from where should I start
@aravbudhiraja 3 жыл бұрын
INE's free starter pass is really gud for beginners :)
@princethilak6213 3 жыл бұрын
Believe me just start, you don't need to be ready to start, just dive into main topic like how am I going to exploit this, then explore the ways, and learn how it works, its far greater than learn basics first cause u don't know where to apply, where we can use!
@aminhatami3928 3 жыл бұрын
Hi ipp. Please compelete rope 2. I really like to see your method for it.
@dskho 3 жыл бұрын
Hi ippsec,can I know the tool’s name that you take notes?
@vonniehudson 3 жыл бұрын
Obsidian
@roieshmuel7314 3 жыл бұрын
The shell didn’t work because of the ip 😂😂 17:40 happened to all of us
@TrapFenix 3 жыл бұрын
i'm just new to hacking how i can study it and what is the best certifications i can get i don't have any knowledge about network or web application
@Aryan_86 3 жыл бұрын
Which software ues
@user-ov4so1bw7q 3 жыл бұрын
มีแฟนยังครับ
@k4id095 3 жыл бұрын
Hi first comment
@sreyanchakravarty7694 3 жыл бұрын
Cool.
@michaelod8841 3 жыл бұрын
@@sreyanchakravarty7694 NOT cool
💀Skeleton Ninja🥷【にんげんっていいなチャンネル】
Рет қаралды 8 МЛН