HackTheBox - Time

Рет қаралды 24,712

Күн бұрын

00:00 - Intro
01:00 - Start of nmap
03:30 - Poking at the website
04:20 - Finding a way to generate error messages
06:45 - Researching the error message
08:50 - Throwing a random exploit from the internet and getting a new error
11:40 - Trying another exploit but this one will make a HTTP Request back to our server
14:00 - Testing RCE with this exploit with a simple ping
15:50 - RCE Confirmed switching to a reverse shell
18:04 - Running LinPEAS
22:40 - Exploring the custom System Backup Timer Service
25:30 - Editing the Timer Backup Shell Script to get Root
26:25 - Extra Content - Explaining some forensics with time stamps
29:20 - Writing a quick script to search our path for files with full time stamps
31:25 - Cleaning up our notes.

Пікірлер: 56

@issuinoyume85 3 жыл бұрын

When I watch this I am both discouraged, and inspired at the same time.

@WilliamFritz3511 3 жыл бұрын

Lol I know the feeling

@WilliamFritz3511 3 жыл бұрын

@Souligna Savann You really have to love learning to get into hacking. Don't fear it. Let it motivate you to want to read and learn everything. Watch everything you can to add to the arsenal of knowledge you will have in the future to be able to apply that into helping others.

@martin-hollingsworth 3 жыл бұрын

I know your a busy guy but are you planning on doing any more live stream videos sometime soon, aimed primarily at beginners. The whole interaction with you would be very educational and informative. You have a great way of explaining things, and for us noobs would be a fantastic opportunity to learn and build on our skills. Your a Guru 👌

@deadeye821 3 жыл бұрын

He is omnisient🤤

@cesarepele4947 3 жыл бұрын

Awesome, absolutely MIND BLOWING the forensic bit with time stamps, that's amazing!just WOW

@gelzki5632 3 жыл бұрын

Thanks ippsec for not forgetting the notes. 😆

@itsm-574 3 жыл бұрын

Notes are the best practice to do the job

@arielrachamim6361 3 жыл бұрын

It is not less than a perfect. I am so enjoying you contents!

@potatoonastick2239 3 жыл бұрын

The timestamp bit actually seems like a very underrated tip, I wonder what other handy use cases it might have Great video as always!!!

@ca7986 3 жыл бұрын

You are amazing dude! ❤️

@MrTalhaarshad 3 жыл бұрын

Hahah see you all on next... Oh no... That was quite funny :p Something was already awaited in the last in my mind :D

@socat9311 3 жыл бұрын

And happy 4 years for HTB!

@sand3epyadav 3 жыл бұрын

You r my fav sr

@daneilyan6419 3 жыл бұрын

Just a tip you can pipe output into xclip -sel clip to get it into clipboard

@rootabeta9015 3 жыл бұрын

You can even shrink that down to xclip -se c

@RuneAntonsen 3 жыл бұрын

alias it to cb, even shorter..

@pramodkhandelwal9321 3 жыл бұрын

Awesome ippsec!!!

@burakbozac3192 3 жыл бұрын

Thnx ippsec !!!! -*-

@sebastianstarke6668 3 жыл бұрын

I love your videos! Thank you so much. I have 0 experience in doing these things but I find this oddly satisfactory to watch 😂 Could you include Box difficulty in the description or the preview picture and include a link to the box on HTB? Would love to take a look and maybe you can get some referrals

@ashiqrahman3299 3 жыл бұрын

❤️

@ElectricAir42 3 жыл бұрын

This was the first box I ever attempted. I didn't make it very far but I did identify the vulnerability. I never was able to successfully exploit it.

@digvijaysingrajput5780 3 жыл бұрын

Hy... How did he split the terminal horizontally... I am using ctrl+A then other commands to split.... But looks like he does it in one button.... If anyone know something, it will be great help.

@deutschmitvkEins 3 жыл бұрын

👍🏻

@glorypatchen5103 3 жыл бұрын

It’s Tiiiiimmmmmeeee!!! For ippsec!!

@dg58942 3 жыл бұрын

The timestamp tip to identify binaries not installed by the package manager is a good one. But in this case, having a .sh file not owned by root in the /usr/bin directory should have screamed for attention.

@phyzix_phyzix 3 жыл бұрын

Do you solve these boxes before you make the video? You're so fast!

@themasterofdisastr1226 3 жыл бұрын

I remember that one: My exploit just did not work w/ my kali VM. Next day I used a standard Ubuntu box w/ the same exploit and it worked. Weirdest thing ever. Oh and its definitly easier than Luanne, despite being a "medium" box.

@ursr78122 3 жыл бұрын

Did you delete notes regarding previous boxes(Luanne, Crossfit)? I mean in obsidian, because they are not shown in a folder menu on left side, but same vault.

@ippsec 3 жыл бұрын

Yes I clear out the notes after the video is done

@ursr78122 3 жыл бұрын

@@ippsec Do your notes have no value for you?)))

@FahyGB 3 жыл бұрын

Couldn’t you use Wappalyzer to find out what version of Jackson the web servers running ?

@jalajkumar9955 3 жыл бұрын

How your Parrot is so smooth in VMWare? Mine kali is really trash in vmware, hangs a bit. Though, I have associated 7GB RAM and 3 processors to the VM

@FahyGB 3 жыл бұрын

He’s in fact using a parrot instance via a web browser, also he’s tunnelling via a mod vpn, which will have virtually no traffic, back into HTB network.

@eseseis7251 3 жыл бұрын

reminds me of someone. nano ps, lsof or netstat or any monitor program then put in $1 or "$1" cant remember either how to pass all args, but add at the end |grep -v ip, or proc name, or anything. dirty but live of the land

@roykoren5171 3 жыл бұрын

from where I can learn this stuff?

@MD4564 3 жыл бұрын

Awesome, any chance you can create a tutorial for HackTheBox VM ?

@elikelik3574 3 жыл бұрын

How did you install Obsidian? =D Any useful source for that?

@chal9575 3 жыл бұрын

I'd suggest you download the AppImage from obsidian.md/download. That's the easiest

@olivernichols7493 3 жыл бұрын

After you download the app image, place it in your local bin within your path. One of the locations is ~/.local/bin if memory serves me right.

@rickmorty664 3 жыл бұрын

I have quite a few files in /usr/bin that have timestamps != 00000000000. Does that mean I'm backdoored?

@ippsec 3 жыл бұрын

Most likely means you placed files there for convenience and didn't use the correct path (one with local)

@rickmorty664 3 жыл бұрын

@@ippsec Probably, but I haven't touched these binaries (x-session-manager, ypdomainname, w, xzgrep, mintsources, etc). Oh well, One last question sir; Is the /usr/libexec folder common? I ask because there are many binaries living there and I can't really find much docs on this directory. It seems kinda suspect. I've ran a clamscan but it reports nothing out of the ordinary.

@dedkeny 3 жыл бұрын

port #9001 because it's over nine thousand... and it has no invisible line-breaks...

@imuser007 3 жыл бұрын

ippsec please plan any live stream that will helpful for us

@sand3epyadav 2 жыл бұрын

Ohh my god, not 7.6p2 bionic. Missing type 8.2p2 ....

@saketsrv9068 3 жыл бұрын

everything is awesome,but this note taking kills necessary time

@ippsec 3 жыл бұрын

I think it’s under 2 minutes in obsidian during the box... then there’s time on the end for those that want to see it. I try to put most of the note process at the end of the video so you can skip it

@saketsrv9068 3 жыл бұрын

@@ippsec Thanks , i respect you a lot ❤️

@oldprogrammer93 3 жыл бұрын

Was that a reference to the name of box? :joy:

@null_1065 3 жыл бұрын

@@ippsec thanks for including notes at the end

@haridass2208 3 жыл бұрын

Seriously i really hate that vi editor !!! Working good in parrot but when exploiting target we cant use nano there if i press arrow its typing something like this [~. I really hate that vi editor I can't edit that timer_backup.sh ;/

@kuulajarkkoperse 3 жыл бұрын

I dunno how much you pay youtube to promote your stuff, but everytime I watch one of your videos my frontpage gets filled with your videos and its fkin anoying. Great content tho, ty.

@ippsec 3 жыл бұрын

I don't pay anything.