HackTheBox - Valentine

61,197 views

IppSec


00:25 - Start of Recon, identifying end of life OS from nmap
03:20 - Running vulnerability scripts in nmap to discover heartbleed
(In the video on Blue, I go a bit more into NMAP scripts: HackTheBox - Blue)
04:16 - Going to the HTTP Page to see what it looks like
06:30 - Beginning of Heartbleed - Grabbing Python Module
07:13 - Explaining Heartbleed -- XKCD ftw
10:15 - Explaining and running the exploit
13:40 - Exporting large chunks of memory by running in a loop
14:10 - Finding an encrypted SSH Key on the server
15:35 - Examining heartbleed output to discover SSH Key Password
17:45 - SSH as low priv user returned
21:55 - Finding a writable tmux socket to hijack session and find a root shell
23:50 - Alternative Privesc, DirtyC0w

Comments: 61
@raycharles6240 3 years ago
Thank you for your service, sir. I can't thank you enough for going the extra mile and explaining why some things are the way they are (ssh naming convention - I had no idea). I am extremely grateful!
@its-me-dj 4 years ago
Spent a lot of time and couldn't figure out the name of the SSH user, until I watched the video... omg.
@TaylorSwifty69 4 years ago
Thank you so much! Currently studying for OSCP, this content is saving my life.
@younesmohssen8158 3 years ago
Did ya pass?
@spaff_hazz 3 years ago
How's it going?
@oblivionronin 4 years ago
RSA key hex-coded left on a web-accessible page, I loled. Great video!
@abhishekchaudhari970 6 years ago
This was my first box, enjoyed a lot 😘😘 thanks again for the video
@hamzagondal8217 6 years ago
Learnt so much. It's the little things that matter.
@arbazfarooqi5050 6 years ago
Thanks for the video, mate!
@vladimirivanov2746 6 years ago
Great video ippsec :))
@coolergappney1943 1 year ago
Doesn't work, followed this and the walkthrough on HTB to a tee and it asks me for a password after I input the passphrase
@johnclement5740 4 years ago
Is the heartbleed exploit completely random snapshots of memory, or is there anything you can do to point it more towards a particular piece of memory? For example, if you want to grab the RSA key like he did in the video, would opening the RSA key file in your browser point the context of heartbleed closer to seeing the hash of the RSA key?
@alexan2250 1 year ago
Thank you, Sir. Learned a lot.
@candyyyq 20 days ago
Man you are truly amazing
@saigeconstantin481 6 years ago
I can only ever get the user on any box and I get lost after that. These videos help a lot
@zephyfoxy 6 years ago
Google "priv esc cheat sheet", it's a good place to start when you want to get root
@MrEezme 6 years ago
This comment isn't about the video but about the sqlmap request. There is a way to save a POST login request from Burp. Send it as usual, then in Proxy/HTTP history right click on the request and save item, so you don't have to edit it in vim :)
@agc5462 3 years ago
Can anyone tell me why, when I try to encode a PHP command execution and decode it, the output of the decoding page didn't execute it?
@kyleh204 6 years ago
Cool I used dirtycow and didn't ever go back to this machine, totally missed that tmux privesc
@tigr8787 6 years ago
Kyle Hannon same here.
@tigr8787 6 years ago
I get that kernel sploits aren't the go-to, but it was obvious it was vulnerable. It only takes like 4 minutes to completely reset the box. Also, the box had ssh, so it's not like I killed anyone's long fought persistence.
@TOn-fx2gr 6 years ago
The link to nmap video pls
@werdna_sir 1 year ago
As the encoding/decoding is running on the back-end, this site is vulnerable to XSS attacks. Although I wasn't able to achieve anything useful doing so.
@sajansisodiya9848 5 years ago
Bro, where are you from?
@TOn-fx2gr 6 years ago
Where did you get the IP address that you used on nmap at the beginning??
@Mathiasx2288 6 years ago
Do you mean the machine he is attacking? It is from a site called HackTheBox...
@TOn-fx2gr 6 years ago
Logynymo yeah my bad, I didn't know that, thank you
@disasterromio 6 years ago
3:28 could you give us the link for the nmap scripts video! Great work as always
@Ali-xx9sj 1 year ago
I am not seeing any reference to nmap scripting engine in the description?
@paired7815 5 years ago
Thanks
@skyone9237 6 years ago
Hii Ipp, I'm your huge fan... I have come across most of your videos.. I use your videos as a Bible for my prep.. I have one question: in the OSCP exam we cannot use the Burp Pro version and it's not easy for students to buy a 350 dollar tool... Can you guide us on how we can use ZAP or any other open source tool for the tasks which we can do with Burp Pro?
@ippsec 6 years ago
I don’t use any features that are not in burp free
@mikewollmann 2 years ago
ubuntutututu killed me 1:00 :'D
@MrBacabro 6 years ago
That was an interesting machine, I got root last month
@behnamanisi1 5 years ago
Bro, you need to use "python heartbleed.py -x -v -p 443 10.10.10.79"
@rockyraccoon5367 3 years ago
ssh -i hype.key hype@10.10.10.79
load pubkey "hype.key": invalid format
not sure why ...
@younesmohssen8158 3 years ago
Do chmod 600 hype.key
@younesmohssen8158 3 years ago
You need to make the private key accessible only to you, so you set its permissions to 600
@archersterling4044 6 years ago
Oh my god, I had to run heartbleed like a hundred times before it spewed out a pass
@zephyfoxy 6 years ago
I had no luck until I reset it, then after 2 exploits I got the pass. So frustrating. Heartbleed is truly luck-based. You're only dumping around 64k of memory at a time so you gotta keep trying.
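
Added example, not part of the comment thread or the video's code: the "around 64k at a time" figure follows from the heartbeat message's 16-bit payload_length field, and the flaw is that a vulnerable server trusts that field over the real record length. The Python sketch below applies the RFC 6520 length check to plaintext TLS records, as a patched server or a network monitor would; the function names and sample records are constructed for illustration.

```python
import struct

HEARTBEAT = 24      # TLS ContentType "heartbeat" (RFC 6520)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding

# Constructed sample records: 5-byte header (type, version, length) + body.
GOOD = bytes([24, 3, 2]) + struct.pack("!H", 23) + b"\x01" + struct.pack("!H", 4) + b"ping" + bytes(16)
BAD = bytes([24, 3, 2, 0, 3, 1, 0x40, 0x00])   # claims 16384 payload bytes, carries none
HANDSHAKE = bytes([22, 3, 1, 0, 2, 0, 0])      # some other record type


def classify_record(record: bytes) -> str:
    """Return 'truncated', 'not-heartbeat', 'malformed', 'over-read' or 'ok'."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        return "truncated"
    if ctype != HEARTBEAT:
        return "not-heartbeat"
    if rec_len < 3:
        return "malformed"          # no room for type + payload_length
    _hb_type, payload_len = struct.unpack("!BH", body[:3])
    # The bounds check missing from vulnerable OpenSSL builds: the claimed
    # payload plus header and minimum padding must fit in the record.
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return "over-read"
    return "ok"


def scan(stream: bytes) -> list:
    """Classify each record in a byte stream of concatenated TLS records."""
    results, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            results.append("truncated")
            break
        rec_len = struct.unpack("!H", stream[off + 3:off + 5])[0]
        results.append(classify_record(stream[off:off + 5 + rec_len]))
        off += 5 + rec_len
    return results


if __name__ == "__main__":
    print(scan(GOOD + BAD + HANDSHAKE))
```

The check only applies to heartbeat bodies sent in the clear; once the session is encrypted, a network monitor sees just the record type and length.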
@ThrashTitan 6 years ago
Damn this one got retired? It was gonna be next on my to do list..
@zephyfoxy 6 years ago
As of 2 hours ago. I thought it was going to be at 3pm my time but ended up 11am. Don't know how I did the UTC conversion wrong...
@mercwri4995 6 years ago
Yeah I did the UTC conversion wrong also when I uploaded my video I'd set it up to publish at 15:00 EST.
@zephyfoxy 6 years ago
Either that or they retired it early.
@d1gBR 6 years ago
Love your videos, loved this box but the audio is a little bit off
@ippsec 6 years ago
Yeah not sure what happened. Tried to fix it with post processing but didn’t come out any better.
@d1gBR 6 years ago
Don't worry man.... After a few minutes kinda works... I saw until the end. So cool seeing a box that I was able to pwn being pwned by you. Saw so many videos of you to learn, that kinda makes me proud of myself lol.
@himashhimash6017 2 years ago
Again ippsec rocks
@obrebel0 5 years ago
As a beginner trying to get more familiar with the tools your videos are great, you do speak kind of fast sometimes though and it's hard to follow along.
@mx5701 4 years ago
Not every video on YT is exclusively for beginners. Pause the vid, research, learn, grow - and don't rely on others to spoon-feed you.
@_crys_ 6 years ago
Cool vid, but please fix your mic! Your voice keeps clipping throughout the video and it's slightly annoying.
@sleexox 2 years ago
I am getting "sign_and_send_pubkey: no mutual signature supported". Can anyone assist? TIA!
@yoseflevy6567 1 year ago
Same problem, got solution?
@cainiak 1 year ago
@yoseflevy6567 My theory currently is that the system was updated or the updated/recent version of Kali does not support the use of the RSA algorithm being attempted. I've tried several times to use something like # ssh -o HostKeyAlgorithms=+rsa-sha2-256,rsa-sha2-512 -i hype.key hype@10.10.10.79 ... but I'm not getting anywhere
@grzegorztlusciak 8 months ago
Same problem
@omarsamkari 5 months ago
Just add -o PubkeyAcceptedKeyTypes=ssh-rsa. Will solve the problem
@linali9101 1 month ago
-o PubkeyAcceptedKeyTypes=ssh-rsa worked for me