Video

I was able... with a little (lot of) help from chatGPT (paid) to follow you all the way to root.txt BUT... esp toward the end there from Ghidra forward... it became obvious that you understand a BUNCH of reasoning behind all of those pivots that I do not. Will have to spend lots of time going through all this piecemeal in order to get a clue. Thanks as always for so much inslight. I've been trying to see if I can conquer these boxes with just the writeups first... then if (when) I faiil... go through step by step with you. All in All its a lot of fun and great for staving off dementia... LOL!

How to test different custom http request response headers for BSQLI XSS LFI RFI RCE ? Thanks

I need part 2. Great video

Completed this box today with help from the video. For some reason, the PHP web shell worked initially, got deleted by the script, and then stopped working entirely when trying to reupload (very odd). Used the php-reverse-shell script in the end and it worked consistently. Haven't owned a box for a year it shows. Fumbled over everything from upgrading the shell to dropping an SSH key into dash's authorized keys. It's crazy how quickly skills/knowledge can fade when not using them frequently. Thanks for the video, it helped loads.

what's going on ipp!

yep. wonder wtheck is wrong with my escape character business..

so... i'm doing the port forward in my initial ssh command... we'll see how this goes... lol

I went and uncommented "EscapeChar ~" in my ssh_config file, and restarted the ssh session... however doing the ~C sequence simply leads to a message "commandline disabled"...

O.k. at 21:16 i have no idea what you did there... "if squiggly C is the first line on your ssh prompt"??? HUH? how did even get an ssh prompt there?

How to console use ‘ssh>’ ? What command this..?

How do you do url-encode on burp?

Instant like

Push!

I never could get the SNMP path working. Should have occurred to me that I could have run the script from the host, rather than my machine :)

Consistently awesome. ❤

I've exploited ApacheUNO before, it only takes one additional argument, but you can give it an awk reverse shell one-liner to avoid creating an executable file on the box.

babe wake up new ippsec video

Ipp sold me Fentanyl behind Blockbuster for 223 V-Bucks

🔥🥰

cool

nice

🎉

❤

Can you do a video about that hashcat box How i cam build my own???

escape and arrow keys give me characters like ^[^[OB^[OD^[OC^[OA^[OD when i'm trying to vi Kernel.php. Can someone help me out? I've looked all over the internet but they all involve installing/editing files which we cant do when hacking boxes

🤣 love how I do the first 10 parts of teir 0 on the starting point, then it directs me to machines to try, and I'm like sure why not, oh hey a very easy one......I watched 10seconds of your video and I'm lost instantly.....very easy my a** 😂 great video though

I really, really love that you don't edit out your mistakes! I sometimes feel so unbelievable stupid when such things happen to me, but it really helps me to see that even people with much more skill still sometimes mess up! I messed things up on this box (but at least i learned :D): I did not properly use sqlmap, so the whole token/cookie thing did not work, therefore I have written my own python blind sql injection script from scratch. While at it, I learned about python thread polls to pwn in parallel \o/ After extracting the admin hash, john failed to crack it and very much later I learned about mysql equals (or like) not beeing case sensitive and my script therefore extracting the hash with mixed case... So much pain, but a lot to learn even just extracting and cracking the password! Thanks hackthebox for providing those machines!

Push!

Push!

as always awesome !

Does anyone got this error from sql map after saving request into a file and use that is "unable to find http header" anyone?

Push!

Nice one

Hey thank you for your guide. But in the Part of 44:17 i get this message after command: user@Backdoor:/home/user$ screen -r root screen -r root Must be connected to a terminal. user@Backdoor:/home/user$ screen -S root screen -S root Must be connected to a terminal. I did follow your guide step by step. Do you have an idea, what the problem is?

mount -o remount,rw / I do get this error: '/dev/block/dm-5' is read-only I am using AVD Pixel 3

This is insane

The easiest ctf in my whole life i saw it

Ipp doesn't like me anymore :(

always good to watch these videos because i did end up rooting it but i _did_ get stuck on the raw symlink not working (however creating a symlink to just, all of /root works) and now i know why ^_^

Thank you!

isn't trying false creds and trying to force a remote buffer overflow crash going beyond discreet enumeration and just blasting the conch of battle?

10:58 you accidently clicked root.out

it wasn't due to cookie timeout, as you saved the request data at wrong file "root.out" at 10:58 , and the sqlmap ran correctly after deleting the previous result data. (i unknowingly spoke loudly when you saved it at wrong file 😩)

Ipp is a certified hood classic

i think i am hearing "vaultcmd /listcreds /all" from everywhere

☹️slove hard and insane machine with guided mode

Awesome 👍

26seconds

Suffered hours on tjis box. Then ended up looking for writeups. How are you making it this simple.

makes it look so easy. This box would take me 5h to crack probably.