indeed!

Up

I disagree with the length comments. These videos are the perfect length. I learn so much from them as is. If I don't get enough info about a command I spend my own time learning more. I really appreciate your videos.

Hey bro I hope you're doing well and not fussing over how late you might've started on this stuff. You've gotten into it and you're serious about it which puts you above huge numbers of people. Good luck

@@jamieeccleston2988 Thanks man the encouragement helps immensely! I finished associates degree and almost done with my 3rd year and will be finishing up my bachelor's next fall at the University level. Thanks again man for everything you do!

@@jamieeccleston2988 I was able to make some very good friends with a couple of classmates that share my passion and who are very talented with programming and networking. We are now working together on tryhackme and hackthebox and different projects incorporating python and networking. We watch your videos and John Hammonds. But its a huge help as we progress along on this journey. I figured out i needed to change my attitude and not look at how far I have to go but focus on what im learning and realizing I can do this. It helps to have the right attitude. I came really far fast with python and it was because I changed my attitude about things.

late response but fuck it, he does a more complicated solution so he can learn something new in his videos too.

Nope. Don't accept donations currently.

Because Reverse Shells won't always work; if you're always in a rush to get to the goal, you'll miss out on a lot of learning experiences. Without those experiences, you'll be lost when you come across a box that has a really nasty bad character (like space in Holiday). Or if the firewall is simply blocking connections that initiate outbound, which would stop the reverse shell.

Thank you! What causes "bad characters?" Is that a security feature of the host? And if a reverse shell is blocked by the firewall, shouldn't a NC be as well?

there is a way around this restriction, coulda sworn that IppSec has gone over this in another video, but I can't find my notes on this topic atm. Will circle back if I do

I have the exact same question too!

He rooted one in a previous challenge. So after being blacklisted, he used that boxed he rooted in the past as a proxy. Sorry for the noobsplain

@@b3twiise853 But you can only run one machine at a time on HTB. I just did Nibbles right before this one and when I try to SSH or PING it doesn't respond.

Same question here! Any explanation on he connected via SSH to the Nibbles box?

@omarsamkari it used to be possible, unfortunately not anymore

I'm guessing there is something earlier in the code that the blog post doesn't show that either shows something like $queues = $curdatabase or something. It looks like $queuesdrop would work. Easiest way to find out is to just try queues drop and see if it works. If it doesn't then edit the PHP script to put print statements in random places and see what stops it.

@@ippsec Totally didn't expect this reply; Will check it out real soon when I can. Thank you so much!

TheMaMe82 Nice idea. Thanks. Personally I've just used two browsers: Firefox for proxy and Chrome for direct.

Better use exceptions in the proxy profile.

I almost always use the same wordlist. As for putting extensions that's just what you're looking for. In reality, I'd probably do swp/bak/~/.1/etc aswell but it would take a really long time. Unfortunately, it's really just a guessing game.

Ok,I appreciate your fast replay..Usually things are mess here in my side. I cannot understand the logic between tools. I mean set up 2 different tools but with same task. One can fail and one can pass..How can be so much difference, when the task have been the same and the tools are doing same thing.

The tools aren't doing the same thing. Try running the tools through your BurpProxy and looking at what they do differently.

same here

same here!

I tried a few different ways and dirbuster never gives me system-users.txt

Over a decade, but most of my experience is sysadmin related

IppSec ah cool. I've just started out studying toward my Cybersecurity degree and was wondering how long, if at all, itd take to get so efficient!

To learn how to handle the CSRF token

No. It uses your OpenVPN Address, which while it is dynamic the server remembers your IP for a certain period of time.

@@ippsec Thanks for the response. I have one more question! I only put php extension while using dirbuster and didn't get txt files back. Eventually I got stuck on xmlrpc.php enumeration to exploit and couldn't figure out the way to get reverse shell. What should I do to avoid this mistake all the time? Should I put all extensions in gobuster/dirbuster all time? What is your way? I know in walkthroughs we only put the one from we can continue without wasting time!

Same question here! Did you find any solution for that?

@@omarsamkari I found that you can use proxy servers to bypass IP block. there are multiple paid third party that gives you stable proxy IPs but I have not tried paid ones

Have you solved this problem yet?

It does not work afaik could do it via printf

He wanted to show bad char enumeration

What did I do that you cannot do with Burp Free? The entire reason I wrote the python script was to not use Burp Pro.

Burp community edition cant intercept anything at all, intercept is on and no intel gathered, same on fully updated kali and same installed on my desktop.

There's something wrong with your configuration. When it comes to the interception feature there is no difference between community and pro. Make sure proxy is set, all protocols are selected, the IP Address you want to intercept isn't in exclusion, you don't have any plugins you aren't aware of, etc. Try watching one of the earlier videos like Popcorn where I may go into explaining Burp if you're unfamiliar with it. Or joining the NetSecFocus Mattermost group (link on HackTheBox), unfortunately I can't really help people troubleshoot as I'd get overwhelmed with random questions; but I can assure you there is nothing I've done in any of this video that you'd need Burp Pro for.

IppSec Why do you have Burp Pro version if it doesn't make a difference with interception stuff?

The Renaissance because it makes difference in other stuff like iSec said before... Only scanner, multithread for brute force attack and some useful plugins to work with... but intercept, repeater, intruder etc made that tool what it is today. If you want scanner and multithread brute force capability use owasp zap in addition of burp free. I dont understand guys who dont have some basics look videos like that...

There should be a skip button in the bottom right. If not describe the ad and i'll email google about it

That was an omen about Citrix cve

That would be spoiling a live box mate. Have to find one yourself.

Haha. Well I was close! Think I was just forgetting the shift.

Unfortunately, those videos would take much more time as I'd have to organize some type of lesson plan and verify I'm not doing it in a way I'd want to revamp in a few months. Not to mention putting out that type of content for free limits what I could charge for in the future. Don't have any plans to do actual training material as it would take time away from my actual job, but don't want to take any steps that could close that door.

Hackers Blog 😂