Hey ipp, I just wanted to say thank you soo much for making these videos.
@gao6455 ай бұрын
I don't need to use any CVE in zoneminder users, just exploit misconfiguration in its web services
@AUBCodeII5 ай бұрын
SpongeIpp SecPants
@bread_girl_jane5 ай бұрын
no no it’s ippbob secpants how did you mess that up
@AUBCodeII5 ай бұрын
@@bread_girl_jane IppBob: an Ipp named Bob SpongeIpp: a sponge named Ipp
@zauthentiqz-_11885 ай бұрын
How do I get better at privelege escalation?
@AUBCodeII5 ай бұрын
By studying lots of walkthroughs and practicing on lots of boxes. I have a privesc checklist and I update it whenever I learn of a new privesc vector. I usually learn new privesc vectors on this channel.
@pugglecorn10855 ай бұрын
With nmap you can just do -sCV and achieve the same effect as -sC -sV
@Heisenberg6965 ай бұрын
use kali Just once just once please
@dadamnmayne5 ай бұрын
with htb machines, you never see creds in environment variables; you'd think this would be a thing.
@AUBCodeII5 ай бұрын
Analytics had creds in environment machines
@dadamnmayne5 ай бұрын
@@AUBCodeII thanks. ill check it out
@spandexvortex10975 ай бұрын
Hey Ipp, just a question. Around 40:00, when you were trying to priv esc by setting SUID bit to the bash binary in /tmp, I think the you copied the binary as zoneminder user. Maybe that's the reason it did not escalate to root?
@AUBCodeII4 ай бұрын
That and also because he ran "/tmp/bash -i" instead of "/tmp/bash -p"
@NatteeSetobol5 ай бұрын
I totally missed getting access to Matthew and went straight Miner using chisel and the miner exploit to get shell. I couldn't figure out root but I could of gotten points for users T_T. I should always remember to always check the input first, like you said in this video, nice, and thanks!
@AUBCodeII4 ай бұрын
1:06:48 we're still watching the video because we like you and you rule!
@gespoL-5 ай бұрын
Se garantiu doido
@AP-rv6kk5 ай бұрын
Great video! How many MH/s can you get on your kraken machine while cracking md5 hash?
@Progressive_Entrepreneur5 ай бұрын
around min 38, when you were trying to priv esc, why did you move the bash file ? and how using it make you root ? you didn't really explain that
@AUBCodeII4 ай бұрын
He copied the Bash binary to /tmp because usually you don't want to change the permissions of the actual binary, be it during a CTF or while doing a shared box, because other competitors may piggyback on your work and get root easily, or during a pentest, because you may forget to unset the permissions. As for the second question, you can become root with Bash by running the command "bash -p". The option "-p" means to run Bash in privileged mode. However, this only works if: 1) The binary is owned by root. If it's owned by another user, say matthew, "bash -p" will start a shell as matthew. You can check who owns a file with the command "ls -lath". 2) The binary has the setuid bit set. If the binary doesn't have the setuid bit set, "bash -p" will start a shell as the same user that ran the command. You can set the setuid bit of a binary with the command "chmod u+s ".
@george___435 ай бұрын
😊
@tg79435 ай бұрын
Push!
@GajendraMahat5 ай бұрын
i was waiting from a long time
@Vee70295 ай бұрын
HOW DO YOU EVEN PLAY HACK THE BOX
@CircularArc5 ай бұрын
Yeah tell me too
@GajendraMahat5 ай бұрын
Great video ❤❤
@sand3epyadav5 ай бұрын
Ippsec sir i was doing usage.htb box but unable to cracked within 1 hour i watched every video but why? How to strong penetration testing step plz reply sir