HackTheBox - CozyHosting

Рет қаралды 13,386

Күн бұрын

Пікірлер: 27

@clarb027 7 ай бұрын

Have you ever considered using a base32 encoded bash shell instead of base64? It can have = for padding of course but no + because of the chars used.

@thepracticesquad2716 7 ай бұрын

Hey IPpsec have u thought about doing a series on getting started ? Like how to llearn from square one.

@lool7922 7 ай бұрын

always the best to explain things very clearly. Thanks 👍👍👍

@lonelyorphan9788 7 ай бұрын

Ippsec rocks!!! 🙂

@dollarboysushil 7 ай бұрын

what is that kracken used for hash cracking?

@GajendraMahat 7 ай бұрын

I think, it's a ippsec host machine. He ran Linux in VM and ssh to the host machine for cracking hashes ❤

@nournote 7 ай бұрын

A machine of his equipped with a GPU so he can crack passwords

@monKeman495 7 ай бұрын

@@GajendraMahat may be he setup 10 parallel rtx 4090 rig on cloud

@0xPr3d4T0r 3 ай бұрын

@@monKeman495 it says 1080 tho

@james_nt 5 ай бұрын

i actually learn lots of tip & trick from you. thanks !!!

@AUBCodeII 6 ай бұрын

Sorry Ipp, but aren't you mistakenly calling "/..;/manager" off-by-slash at 4:55? I think you called this technique URL confusion during RegistryTwo. I think off-by-slash is when you do "/assets../flag.txt" or something, like you explained in Cybermonday. Unless "/..;/manager" is also considered off-by-slash. Please do not take offense as I just want to figure out which technique is which. My broken English doesn't help as well, lol. Thanks!

@ippsec 6 ай бұрын

I'm not positive but I think I made the mistake in RegistryTwo just because I didn't know the term "Off By Slash". The Off By Slash is when the location in NGINX doesn't have a trailing slash. I am 80% sure that for /..;/ to work, nginx has to have this vulnerability. The difference between ../ and ..;/ is just the nginx setup you are exploiting.

@AUBCodeII 6 ай бұрын

@@ippsec I see. Thank you very much for the response! You rock! :)