The invite code thing is like looking at something you wrote when you were in high school. You remember that it really broke your brain when you did it initially, but all the experience you have gotten since then has made it beyond trivial.
This was one of the best videos you made. I love seeing your methodology and problem-solving techniques in the face of the unknown, it gives me the strength to keep learning. Do more like this, please!
It will be slightly longer than I expected, it's a lot more complicated than I expected. But I'll certainly put something out there soon as I can. You can see I created an issue on Linux Exploit Suggestors repo :)
Hey Ippsec, I have a question regarding the regex in remove_special_characters. I have seen this regex used in many web applications, some as apart of ID sanitisation in dynamic queries. I got them impression from your video that it'd be possible to bypass this regex. Would it be possible to comment on it further? It might even be a good separate video. Thanks
Some of the Easy ones back in like 2021 probably. There was a time when I did them more blind, but I started reviewing boxes before they went live to players, so its hard to do a true blind play through.
Is it possible that you will solve the soccer box without using sqlmap? I've been really struggling with it, plus I think its a really interesting machine. Regards from Spain :)
sir i am a free user of hack the box and i cant get the virtual machine in my windows for longer time is there any other option to get virtual machine for free inmy windows to work for the machines in hack the box sir
I didn't understand why we would need to add the hostname to the hosts file? And how do we get to that conclusion by entering to the website and getting the not found result? (I started HTB a few weeks ago, I'm still a noob, can someone explain me?)
When doing these types of CTF’s there is no DNS Server. Some websites do virtual host routing, which makes DNS important. Editing the host file mimics having a dns server. I don’t remember how this box leaked the hostname but I’m sure if you watch from nmap, it’s probably around there. Normally it’s ssl certificates
I really don't understand how this machine is considered "Easy", and i'm terrified what will the "Medium" ones be...
Welcome to the Hackthebox community!❤😅
The invite code thing is like looking at something you wrote when you were in high school. You remember that it really broke your brain when you did it initially, but all the experience you have gotten since then has made it beyond trivial.
I’m glad you said you had trouble solving the invite code back in the day because so did I lol
I am not the only one who had to lookup the invite code! Great box, brings back memories for sure
This was one of the best videos you made. I love seeing your methodology and problem-solving techniques in the face of the unknown, it gives me the strength to keep learning.
Do more like this, please!
Do you go through the boxes before filming or are you just naturally talented? :) great video as always
this is a different level of amazing watching, after solving this - still learned a lot
An ippsec vid on a Wednesday? This feels like when GoT episodes gets leaked 😂
Congrats on 200K
Great work - waiting for the next one
Any idea where he uploaded the next part of the video "Beyond Root- Adding overlay FS"?
I love everything about this and can't wait for you to complete the cliffhanger!
It will be slightly longer than I expected, it's a lot more complicated than I expected. But I'll certainly put something out there soon as I can. You can see I created an issue on Linux Exploit Suggestors repo :)
Hey Ippsec, I have a question regarding the regex in remove_special_characters. I have seen this regex used in many web applications, some as apart of ID sanitisation in dynamic queries. I got them impression from your video that it'd be possible to bypass this regex. Would it be possible to comment on it further? It might even be a good separate video. Thanks
I saw this machine getting released on HTB, now it's no longer present. Is it only for you to show us your approach to solving machine or?
Its Retired
You can still access it
I really missed "We have alreadyyyy rannnn itt "
This box is so intimidating. If this is considered easy then I'm scared of what's to come
Nicely done, thank you 👍
Which computer and software do you use
Using JS-Beautify 1.15.1 and CyberChef, both seem to fail to de ofuscate the javascript min.js file
I had the same issue but ChatGPT worked for me
Wow thank u
Do you have more videos of solving boxes without previous experience with them?
Some of the Easy ones back in like 2021 probably. There was a time when I did them more blind, but I started reviewing boxes before they went live to players, so its hard to do a true blind play through.
@@ippsec Ok thanks. Love your content and Im always learning something new from every video! Keep doing your thing!
Is it possible that you will solve the soccer box without using sqlmap? I've been really struggling with it, plus I think its a really interesting machine. Regards from Spain :)
Nope I’ll use sqlmap. There are videos where I do Boolean injection without it
@@ippsec Okay! Thanks eitherway for all the content you give us ☺
so do you use everytime put, if you want to update smth?
Do you prefer ferobuster or gobuster?
Hey man do you know why i cant i get "Server Not Found" when i try to load up the site on that machine?
first time seeing that kracken
what is it? a custom machine made by you or a new server to crack hashes?
Its just a box I have on my network.
CHEF CRISP WUZ HERE!
Bravo maestro)))
Oh no, my calendar must be two days off‼️😅
sir i am a free user of hack the box and i cant get the virtual machine in my windows for longer time is there any other option to get virtual machine for free inmy windows to work for the machines in hack the box sir
How do you display your own IP in your terminal prompt? Please let me know
ip a
Thnx!
I didn't understand why we would need to add the hostname to the hosts file? And how do we get to that conclusion by entering to the website and getting the not found result? (I started HTB a few weeks ago, I'm still a noob, can someone explain me?)
When doing these types of CTF’s there is no DNS Server. Some websites do virtual host routing, which makes DNS important. Editing the host file mimics having a dns server. I don’t remember how this box leaked the hostname but I’m sure if you watch from nmap, it’s probably around there. Normally it’s ssl certificates
It was from nmap!
Thanks for the help !!
Push!
11:10
Fun fact: you can't check "Remember me" on this box 😆
Oops! Go back to the old school :v
Ipp, you should create a box called "Your mom"
how to copy text from tmux & pasting outside tmux ?
for now my discovery is to used shift and select text I want to copy and right click to paste it. Wonder, how do you purely used command :)
tmux-yank plugin will do the trick!
why do we need a header? and why should the header be a cookie?
Helps if you put a timestamp of where your question is. I don't know exactly what you are asking
@@ippsec sorry about that. the time stamp is 17:17
It’s because it’s an authenticated endpoint - you need the Cookie header for an authenticated session
Woah what is kracken??
Hi!
AAA!
31:07 interesting..
ssh kracken command not given output as how in video instead it gives failed to resolve hostname or Service anyone can help me with this
Kracken is a box on my network, you can run hashcat on your computer
mice
Wtf?))
I'd like to understand more how the command injection vulnerability works.
I don't know why this box is rated as "Easy" it's pretty far from it
I guess, u r new to HTB platform 😂