Thank you very much for the video, always learning something new! Just one thing, I got blacklisted as well while rooting the machine but came out of it in a different way. You just have to set the x-forwarded-for cookie with a different ip, that does the trick and bypasses the check, if I remember well. Just so that you know ;)
@SunsetGraffitiАй бұрын
❤❤❤ this is like watching a skate video where they don't edit out the spills. Listening to you think through problems in real time is SO helpful. You are a gift, my friend!
@raanonyms79265 жыл бұрын
"Is there something else that I can do", this phrase keeps me motivated for HTB :)
@mattbangert3966 жыл бұрын
This is my first box on HTB. Learned much already from this vid. Thank you!
@nicolasperezmolina4916 жыл бұрын
how the fuck do you hack one lol
@thepag526 жыл бұрын
start with vulnhub my guy
@nicolasperezmolina4916 жыл бұрын
what diference is between hackthebox and vulnhub?
@3rg1s6 жыл бұрын
Nicolás Pérez Molina hackthebox has machines that won't find solution until they are retired. Vulnhub most of the time had solutions. That depends on what you like. Also hackthebox gives you a vpn so that's the only thing you have to download to hack the machines. On vulnhub you need to download a virtual machine and run it on your network which is better somehow,because no one restores the machine so... There are other differences btw. If you are a beginner do some easy machines on vulnhub. Hackthebox is difficult.
@abhishekchaudhari9706 жыл бұрын
Nicolás Pérez Molina HTB provides online machine to attack while vulnhub give image files which you can download and attack
@LeandroLemos4 жыл бұрын
Which keymaps have you used to change the encoding in the burp suite?
@sudosuraj2 жыл бұрын
15:30 why didnt you use proxychain just before hydra?
@brettnieman34536 жыл бұрын
Thanks so much! It's great to watch you do these easier machines as well. So helpful and learning tons. Thanks again!
@SudoSrijan11 ай бұрын
The way you solve the machines with easy make me realize I have a long way to go.
@Abhijitkamath14 Жыл бұрын
why did the local port forwarding work ... is it because the nineveh machine has connectivity to nibble. Is it possible to do the same thing using another local machine
@saeedsaeed96 жыл бұрын
Amazing, did this machine two days ago and had no idea it was going to be retired the next day :"D Btw, thank you very much for those amazing videos, they're literally stacked with knowledge! I'm grateful.
@nothing-hm7dz6 жыл бұрын
i became happy and excited every time i see you upload new video :D i really do , thanks for your Knowledge i really appreciate it
@PrestonZen2 жыл бұрын
Are you able to hit the web server with a proxy chain configuration so you can bypass the lockout with multiple IP's?
@charlesnathansmith4 ай бұрын
He's routing traffic through another htb box he'd already solved to avoid a reset since they're on the same VPN anyway.
@sefterm-zade97443 жыл бұрын
You are amazing... I found this channel today and learned lots 👌👍💥🔥🔥🔥🔥🔥🔥
@teleton114 жыл бұрын
This might be something that changed but how are you executing that other shell file? if only "monitor.sh" can actually run without being root?
@striple7655 жыл бұрын
password was nibbles tf how do you guess it so right
@sriharikeerthi14803 жыл бұрын
cewl the website you will get it, no need to guess
@rickjames30343 жыл бұрын
@@sriharikeerthi1480 true but there is a login attempt blacklist so you wouldnt be able to brute force the cewl output...
@lumenknotty6355 Жыл бұрын
At 24.49 what hotkey is pressed to code the right format? - It is Ctrl-U
@mythlord5655 жыл бұрын
For the better shell with autocomplete, can you type what u press please? you say FG with enter or something but tbh i dont understand xD
@deathfromthekrypt6 жыл бұрын
My first machine, was a great one for me
@KucharJosef6 жыл бұрын
Exactly :)
@jacquesmit5026 жыл бұрын
Same here
@deviousmethod13106 жыл бұрын
like a first sex hehehe )
@うみねこ-h8t2 жыл бұрын
Can appreciate the "over 9000" reference
@cxdva86352 жыл бұрын
Hi, this one was pretty easy. Other then the password everything went smooth maybe ten minutes to complete if i knew the password? However, I've been trying to find a way to bruteforce the password with hydra but i couldn't find any way. Is there actually a way to find a password in this kind of senario?
@obsessed925 жыл бұрын
It's over 9000 !
@IS33UUU5 жыл бұрын
Many thanks for ALL your walk-throughs!
@treew46 жыл бұрын
Any idea what to do if you not guess the password?
@pentestical4 жыл бұрын
Keep in mind: The box names on HTB have special meanings. In this case, nibbles is also the password - lol
@TaelurAlexis Жыл бұрын
Snitchingggg lol
@fitman846 жыл бұрын
The last question you could think someone would ask you: what keyboard do you use? Thanks for sharingh all this knowledge.
@ranbash6 жыл бұрын
Looking for my first machine to work on. Thinking this is a great place to start?
@cybertools85603 жыл бұрын
ipsecc: "this is a really easy box" 14 minutes later: gets locked out.
@medic6606 жыл бұрын
when I did nibbles I always got permission denied when trying to edit the etc/hosts file for some reason. Doing sudo -u root /path/to/monitor.sh ended up working for me. Also didn't know about RationalLove privesc, where tf did this thing pop out of? ty ipp
@luizfzs6 жыл бұрын
It would be awesome to have a video of you approaching an unknown box so we could understand all of your reasoning.
@ippsec6 жыл бұрын
I believe I had completed nibbles in under 10 minutes. I cover a lot more things in the video than I would if doing it live. Also after pretty much tearing apart one ctf box a week for a year straight, its likely that a lot of my path won't make sense because I'll already know some weird trick the author wanted to put in the box. I've thought about streaming VulnHub but would need to block out a 2-3 hour chunk of time predictably to be successful there. I'd rather just spend the time studying and creating a different non-ctf video series.
@TheKyodaija6 жыл бұрын
IppSec non-ctf would be good
@bugr33d0_hunter86 жыл бұрын
Yeah i take tons of notes when i dont understand a new term you use and research it. I really appreciate you explaining further on your videos. I figured as much considering the amount of genius level of imformation you have stored in that beautiful mind of yours. Do you take donations? If so where could i send it, because you taking the extra time to help out the InfoSec community is tremendously awe-inspiring. We cant thank you enough.
@ippsec6 жыл бұрын
Thanks for the kind words, just pay it forward when you can. Videos are as much for me as everyone else. Unfortunately, I don’t accept donations but appreciate the offer. Luckily for me a one time donation wouldn’t really have any impact on my life so it’s hard to be as greatful as I should be. That being said it would be pretty awesome to hear about someone helping out a charity local to them. For example sending food to an no kill animal shelter.
@bugr33d0_hunter86 жыл бұрын
IppSec _/ alright my brother. Will do, will do.
@henryhaller6714 Жыл бұрын
When I grow up, I wanna be like you man.
@deltajee7_org3 жыл бұрын
They've put this in the latest getting started module on the academy.. lol the 'they' is you because you were in the credits.. I dunno why I'm saying this.. but yeah great module... Im just a beginner.. that module cleared a lot of ideas..
@TeoLiangWei4 жыл бұрын
where do we copy /opt/shell/php/cmd.php from
@shivangkumar66466 жыл бұрын
How to find the ssh credentials for DevOops???
@Brlesskoin7 ай бұрын
Amazing job!, I'm your new follower, hope one day I do all that stuff you do...
@baciukrystyan64796 жыл бұрын
Thank You for sharing Your Knowledge.
@traderH8 ай бұрын
Why don't you wanna use metasploit?
@MatheusCopyright6 жыл бұрын
why does sudo checks the hostname/ip?
@ippsec6 жыл бұрын
You can specify hostname in the /etc/sudoers file, so the entry is only valid on that host. Was useful before the days of DevOps, because you could just have one file across all servers and be relatively secure.
@noizedub805 жыл бұрын
This was my first box, did many different things but still got root :) !
@mouhannadal-hmedi150121 күн бұрын
thanks boss
@guestguest54506 жыл бұрын
Thank You @IppSec ;) - deleting empty lines in Vi -> :g/^$/d OR you can use in Burp "Copy to file" ;)
@guestguest54506 жыл бұрын
you can also make an alias for this command -> :command Lines :g/^$/d after this you can call :Lines
@spaffhazz3 жыл бұрын
i hate using vi. the enter doesnt work and i keep getting weird strings of characters when i hit esc or insert. can anyone help me with this?
@ippsec3 жыл бұрын
Install VIM.
@spaffhazz3 жыл бұрын
@@ippsec what if the user cant use apt?
@gunslingerfourtysix6 жыл бұрын
Keep them coming IppSec ✌️
@Fiji_water_man6 жыл бұрын
nice, can't wait for nightmare
@dannythomsen6 жыл бұрын
Oh there is a CVE for the image upload thing. I enden up reading the sources for the upload function and quickly spotted the vulnerability. It works because the code checks the image _after_ it has been moved into the web dir, where it throws an error and leaves the file without deleting it.
@ahmedabdullah5274 Жыл бұрын
Thanks
@bluehawk18606 жыл бұрын
password nibbles WTF ?
@Philbertsroom5 жыл бұрын
Please no guessing passwords, that's dumb af. Either there is a way or there isn't... guessing shouldn't be part of a box.
@skylarmcdermott20206 жыл бұрын
It took sooo long for me to get user cuz I couldn’t find the admin credz
@o3tg2w35t4 жыл бұрын
Same. Small problem, big impact!
@PhotoSlash6 жыл бұрын
no way, I was trying to do this machine 10 mins ago, damn it.. lol
@jawadsher10622 жыл бұрын
🤔🤔 awsome. Whats the best to create methodology likh you. Seriously awsome and so fast
@automata89736 жыл бұрын
I wandered through open directories and found image.php which was a somebody else's shell with GUI. Used that to get user. Lol !
@sand3epyadav3 жыл бұрын
Nice ippsec sr
@mbrkic016 жыл бұрын
Ssh tunel was used on potion :)
@guillaumeentournee4 ай бұрын
baffled by how this is an "easy" machine and basically you have five tries to GUESS a password... wth.
@privateger6 жыл бұрын
Hm, I found the username by guessing.
@Blu3W4r10Ck3 жыл бұрын
Tutorial: Just guess the admin password lol
@rickjames30343 жыл бұрын
h4x0r3
@deltajee7_org3 жыл бұрын
@@rickjames3034 think again... It's right in front
@ronak36005 жыл бұрын
Ippsec master teach me your way
@SuperMarkusparkus6 жыл бұрын
If you would not have guessed the right password directly, you could have used x-forwarded-for to switch to a new ip for each login attempt. See github.com/cloudfoundry/gorouter/issues/179 www.dzonerzy.net/post/nibble-blog-ip-spoofing-attack
@ippsec6 жыл бұрын
Nice Catch! Didn't even think to check for that type of attack.
@paired78155 жыл бұрын
password nibbles ?..oops
@bread_girl_jane4 ай бұрын
i cannot for the life of me get a reverse shell on this machine even when i follow this tutorial
@HarimaKentaroАй бұрын
you still stuck or did you get past it? I just followed along the HTB Academy [Getting STarted Module]. It maybe of help. One place I got stuck was escalating privileges, but that was because it was a misunderstanding on my part by reading regular message as error message :\ Anyway, good luck!
@skylarmcdermott20206 жыл бұрын
The day I owned root this machine got retired😥😥
@caspardghost2043 жыл бұрын
Nibble
@shakirali36476 жыл бұрын
How about a face reveal video ?
@ippsec6 жыл бұрын
I don't believe that will happen. I'd prefer not to be recognized when I go to conferences.
@latinjeditrix6 жыл бұрын
so instead you let a confused Ray Romano get harrassed by infosec nerds XD