Have you ever considered using a base32 encoded bash shell instead of base64? It can have = for padding of course but no + because of the chars used.
@thepracticesquad27167 ай бұрын
Hey IPpsec have u thought about doing a series on getting started ? Like how to llearn from square one.
@lool79227 ай бұрын
always the best to explain things very clearly. Thanks 👍👍👍
@lonelyorphan97887 ай бұрын
Ippsec rocks!!! 🙂
@dollarboysushil7 ай бұрын
what is that kracken used for hash cracking?
@GajendraMahat7 ай бұрын
I think, it's a ippsec host machine. He ran Linux in VM and ssh to the host machine for cracking hashes ❤
@nournote7 ай бұрын
A machine of his equipped with a GPU so he can crack passwords
@monKeman4957 ай бұрын
@@GajendraMahat may be he setup 10 parallel rtx 4090 rig on cloud
@0xPr3d4T0r3 ай бұрын
@@monKeman495 it says 1080 tho
@james_nt5 ай бұрын
i actually learn lots of tip & trick from you. thanks !!!
@AUBCodeII6 ай бұрын
Sorry Ipp, but aren't you mistakenly calling "/..;/manager" off-by-slash at 4:55? I think you called this technique URL confusion during RegistryTwo. I think off-by-slash is when you do "/assets../flag.txt" or something, like you explained in Cybermonday. Unless "/..;/manager" is also considered off-by-slash. Please do not take offense as I just want to figure out which technique is which. My broken English doesn't help as well, lol. Thanks!
@ippsec6 ай бұрын
I'm not positive but I think I made the mistake in RegistryTwo just because I didn't know the term "Off By Slash". The Off By Slash is when the location in NGINX doesn't have a trailing slash. I am 80% sure that for /..;/ to work, nginx has to have this vulnerability. The difference between ../ and ..;/ is just the nginx setup you are exploiting.
@AUBCodeII6 ай бұрын
@@ippsec I see. Thank you very much for the response! You rock! :)
@monKeman4957 ай бұрын
proper fingerprinting wins the race every time like we saw springboot enumeration
@anonymousvevo86977 ай бұрын
Unbelievably good
@Macj7076 ай бұрын
CHEF CRISP WUZ HERE! Thanks for all you do!
@GajendraMahat7 ай бұрын
i was waiting for your video 🥰
@AUBCodeII7 ай бұрын
Hey Ipp, what's 9 + 10?
@tg79437 ай бұрын
Push!
@garrag84217 ай бұрын
Oh i had tried it)))) just yesterday
@ruycr4ft7 ай бұрын
First :P
@highlights9737 ай бұрын
ippsec i need to start a channel like yours any tip so i dont make mistake
@perfectshow-bx1ov7 ай бұрын
Sir also solve the active machines instead of retired 😁😁😁
@ippsec7 ай бұрын
That’s against the terms of HTB
@sleepymarauder41787 ай бұрын
Where's the challenge if you get the answers. Retired are great for learning and having some aid