HackTheBox - Perfection

  • Added on 2 August 2024
  • 00:00 - Introduction
    00:50 - Start of nmap
    02:50 - Discovering the Weighted Grade Calculator which we will exploit
    04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols
    07:10 - Quick bash one-liner with jq to URL-encode each line of our wordlist
    09:30 - Discovering a New Line character breaks the search for Bad Characters, then getting a shell on the box
    14:40 - Shell returned, looking at the source code and seeing the "Bad Character" filter was really a regex whitelist
    18:50 - Discovering mail that says the password format in the database
    21:50 - Using hashcat Bruteforce mode to crack the password

Comments • 31

  • @AUBCodeII 27 days ago +13

    Babe, wake up, new IppSec video dropped

  • @o3tg2w35t 20 days ago +3

    I learned pen-testing largely from these videos. Three years ago, I got my first pentesting job and somehow promptly forgot all about IppSec. Until today. It's such a great feeling, to know that all my studies paid off. I can finally understand the full content of these videos! Yippee!!

  • @NatteeSetobol 22 days ago +1

    I didn't know you could brute force with hashcat like that. I always learn something new!!

  • @Ms.Robot. 27 days ago +4

    ❤🎉 another sweet drop from the Wizard of the Matrix.

  • @juandelpuerto5711 27 days ago +1

    Thanks, as always your explanations are gold!

  • @activ3Port 27 days ago +4

    the GOAT

  • @bread_girl_jane 23 days ago +2

    ippsec you’re one of my heroes but the way you pronounce ubuntu kills me lmao

  • @StefanŁukasik-m3k 27 days ago +1

    Solid as usual

  • @felixkiprop48 25 days ago +2

    Let's rock❤

  • @InsanexBrain 15 days ago

    thanks! great video as always

  • @abdirahmann 27 days ago +2

    good vid

  • @mohammadhosein6847 26 days ago

    you are so amazing

  • @alanbusque6645 27 days ago +1

    Thanks

  • @kingzedge 18 days ago

    Aside from HTB and TryHackMe, what tools should I be playing around with on my computer in order to break into Cyber? I have a few ideas: Kali Linux, Linux GUI, Windows command prompt. What else should I download?

  • @Martin-Pentest 26 days ago +1

    Hey Ippsec, I have a question that I guess is unrelated to this particular video, but I know you're the man to ask. So I'm trying to figure out why, if I type echo "password" | md5sum, the output or string is totally different to the string I would get on, say, an md5 hash generator online? Maybe I am being stupid, but I guess I won't know if I don't ask.

    • @ippsec 26 days ago +1

      Without a -n, echo is putting a line break in.

    • @Martin-Pentest 26 days ago +1

      @ippsec Well, now I feel stupid aha.. problem solved. Thanks for the reply ipp, you're a legend 👌

  • @raphaelriera-v3b 25 days ago

    hey my burpsuite browser can't connect to the website

  • @sh22xpr 24 days ago

    I assume hashcat checks the file each iteration instead of remembering its content

  • @ManuGram 27 days ago +1

    Really great content, I just wanna ask if you could do more mobile app hacking

  • @tg7943 14 days ago

    Push!

  • @nicollasalcantara6907 18 days ago

    My reverse shell is not working lol

  • @seM1c0l0n 26 days ago

    ffuf supports OS commands to encode input

  • @_Mann_Kasodariya 16 days ago

    Can you make a video about how you can have the option to choose which search engines you wanna search with, or give me the name of the software so I can too. If anyone in chat knows, will you help me with this 3>.

  • @j0hnc0nn0r-sec 14 days ago

    Hard to tell he ever had a speech impediment now

  • @admiralbaty 27 days ago +1

    semicolon ;
    Colon :

  • @Blomma761 27 days ago +1

    First

  • @boogieman97 21 days ago

    Hey Ippsec, yesterday I got a new VIP sub for HackTheBox for a year. Haven't done any of the Sherlocks earlier until today. I really liked the LockPick3 Sherlock! Have you done that one yourself already?