Тёмный

HackTheBox - Obscurity 

IppSec
Подписаться 252 тыс.
Просмотров 23 тыс.
50% 1

Опубликовано:

 

30 окт 2024

Поделиться:

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист
Посмотреть позже
Комментарии : 60   
@DHIRAL2908
@DHIRAL2908 4 года назад
I love when you give extra knowledge! It's really helpful and we get to learn something new 😁
@clubby7893
@clubby7893 4 года назад
This was my first box, and I think it shows, with unintendeds at every step. It's been a real learning experience for me though!
@padaloni
@padaloni 4 года назад
I love the ramblings. That's one of the reasons why you are the best! Awesome walk-through bro.
@olivervilo
@olivervilo 4 года назад
I love your videos. I already owned this machine, but watching your video really help me learn a lot of new things. Totally recommended!
@JuanBotes
@JuanBotes 3 года назад
thanks for the extra explanations - awesome content as always!
@Thmyris
@Thmyris 4 года назад
Very much agreed on the intro, obscurity is definitely a powerful layer of security if used right.
@diegoperez458
@diegoperez458 4 года назад
Man what a masteclass!! Including how WEP cracking works! Thanks a lot for sharing your knowledge mate!! Amazing!!
@vladyslavdzhoklo2696
@vladyslavdzhoklo2696 4 года назад
The best explanation of the Box that you can imagine. Great job, IppSec!
@zeuscybersec659
@zeuscybersec659 4 года назад
Guys i need a bit help.Is the Tj null playlist of Ippsec good for oscp prep?I have done various vulnhub oscp level machines.Any other good playlist for oscp?
@geeshta
@geeshta 4 года назад
23:28: Top 10 Anime Betrayals
@osorin_
@osorin_ 4 года назад
So unlucky haha i started this as my first box yesterday, reached the secure crypt part and when i was just about to resume the challenge today i saw it was retired. Anyway, great content as always. Thanks.
@veritatas678
@veritatas678 4 года назад
Incredible Insight you showed me. Thanks
@secular2226
@secular2226 4 года назад
Man I just got lucky did it yesterday nice box and great explanation loved it
@Organicnz2
@Organicnz2 4 года назад
Thanks for diving into details it's so helpfull :)
@0xshaheen
@0xshaheen 4 года назад
Like before watching ♥️
@assafcohen3173
@assafcohen3173 4 года назад
I think it's hilarious how you easily explain super difficult things, but then your mind explodes explaining a simple concept such as MOD :) good job though, great box.
@WillPlatnick
@WillPlatnick 4 года назад
Thank you ippsec!
@TheHectorshark
@TheHectorshark 4 года назад
I don't understand the directory traversal part. He puts /../ before the .py code but the /../ means hes going back a directory when he needs to go forth to the develop directory. How does that work?? Does /../ mean any directory in this case??
@ippsec
@ippsec 4 года назад
The SuperSecureServer script is outside of DocRoot, there just happens to be a copy of it in DOCROOT/devel. Watch it again the part when I explain how python web apps normally work
@najibnasar7141
@najibnasar7141 4 года назад
Love ur videos and thank you so much
@zeroordie453
@zeroordie453 4 года назад
ippsec, you should start using ffuf, its very stable and fast :D Also, I used bandit (the python vulnerability analyzer) for the SuperSecureServer.py Made my life a lot easier!
@dojoku88
@dojoku88 4 года назад
nice info, do you have good resource to start tutorial bandit apps,
@devloppeurinformatiquec8486
@devloppeurinformatiquec8486 4 года назад
i like your vidéo guy , it's so good , i like it
@CsernatoniSzilard
@CsernatoniSzilard 4 года назад
oh man , your videos are like good series :) love every episode :D .... Im a beginner , but one day ill get there :)
@UnknownSend3r
@UnknownSend3r 4 года назад
Do you have experience in the field ?
@onochieanyanetu6213
@onochieanyanetu6213 4 года назад
When you said you didnt want us to see whats in your Download folder i died laughing!
@NeerajSharma-jg3yh
@NeerajSharma-jg3yh 4 года назад
How should I start on CTFs not Hackthbox? Please reply !
@gengsec
@gengsec 4 года назад
For the web. Love it
@badreddinechamkhi3785
@badreddinechamkhi3785 4 года назад
nice content ! i'm asking about curiosity if u are good at doing ctf's why don't you move to bug bounty ?
@ippsec
@ippsec 4 года назад
Because bounties are generally low (or unpredictable) pay compared to traditional employment and dealing with people can be a pain. I view bug bounties as a way for companies to get free/cheap work and don’t really want to support them. It’s definitely nice to be able to report something when you come across it, but I’m not going to go out of my way to help a company on a promise.
@alturis-t7d
@alturis-t7d 9 месяцев назад
john cracks that root password hash in a split second
@skyone9237
@skyone9237 4 года назад
I got frustrated from this box and left without solving...😔😒
@عبداللهالهيبي-س3ح
@عبداللهالهيبي-س3ح 4 года назад
Me too, I left it coz its brain fuck not medium
@ertertz9408
@ertertz9408 4 года назад
still, doing *nc -q 0 your_ip port < file_to_send* on the remote box auto terminates the nc process.
@the_unknown8808
@the_unknown8808 4 года назад
Hero.
@ProfessorParno
@ProfessorParno 4 года назад
bunch of insight i got. thanks for those inspiring stuff. hope my channel can grow as good as yours
@real1cytv
@real1cytv 4 года назад
A clock is a really good model to visualize modulus!
@UnknownSend3r
@UnknownSend3r 4 года назад
How so, can't even behind to connect the two.
@nkitkanjiya7241
@nkitkanjiya7241 4 года назад
I learn a lot from you..! really appreciate it..
@Reelix
@Reelix 4 года назад
11:46 - "It's probably because it started with the hashtag" Owch Ipp - Just owch. "I run calculator and... I get a shell" Sounds like your average exploit PoC :p With the new flag system you can actually cat the flag - No need to worry about character counting it :)
@CurrentlyObsessively
@CurrentlyObsessively 4 года назад
I used dirbuster for the first time on this box. At the bottom checked the box for fuzzing and used /{dir}/SuperSecureServer.py Found it pretty quick
@snydher
@snydher 4 года назад
Hello, thanks for your video.. btw, -Z parameter on wfuzz continue process after error. I found develop folder using this.
@retnikt1666
@retnikt1666 4 года назад
Woah, I did this one like 2 hours ago, I must have got lucky it was still online!
@ARZ10198
@ARZ10198 4 года назад
Was this free box ?
@clarb027
@clarb027 4 года назад
Well...that was significantly more impressive than the way i got the www-data shell. XD
@nikohegeheiskanen
@nikohegeheiskanen 4 года назад
How did you get it?
@daanbreur
@daanbreur 4 года назад
Love the videoss
@ippsec
@ippsec 4 года назад
Nope
@daanbreur
@daanbreur 4 года назад
@@ippsec Ahh why not xD
@gabenv3.03
@gabenv3.03 4 года назад
I remember this box. One big pain in the ass is what it is.
@avinavjitgupta9682
@avinavjitgupta9682 4 года назад
hey , yours videos is very awesome , i saw yours videos ,but some points i didnt get it,bcoz i am begginer, am=nd i start learning ,pentesting,plzz give me suggestion where to start for me,bcoz its very hard to understand all things
@vigil33t
@vigil33t 4 года назад
Alexandrovich is patronymic and pronounce as alexAndrovich
@PabloSilva-ph6mk
@PabloSilva-ph6mk 4 года назад
47:16 lol, I see I'm not the only one who gets curious over the "why this does not work" and stop everything to find it out
@DHIRAL2908
@DHIRAL2908 4 года назад
I think the vs code is named Codium in repos
@TheHectorshark
@TheHectorshark 4 года назад
You could present ffuf in the next video... Like to show different tools and everything
@Hazeee101
@Hazeee101 4 года назад
1:24:56 blow my mind
@Organicnz2
@Organicnz2 4 года назад
Alexandrovich is a Russian patronymic or middle name lol
Далее
HackTheBox - Mango
53:27
Просмотров 39 тыс.
This is how Halo felt as a kid 🤣 (phelan.davies)
00:14
JUJU HAS IT ALL! | Brawl Stars Animation
00:53
Просмотров 4 млн
HackTheBox - ForwardSlash
1:52:54
Просмотров 25 тыс.
HackTheBox - Traverxec
59:01
Просмотров 32 тыс.
HackTheBox - ServMon
1:03:13
Просмотров 36 тыс.
HackTheBox - Admirer
51:18
Просмотров 26 тыс.
Network Security - Deep Dive Replay
3:08:19
Просмотров 177 тыс.
HackTheBox - Cascade
48:13
Просмотров 35 тыс.
HackTheBox - Oouch
1:52:21
Просмотров 26 тыс.
Decrusting the tokio crate
3:31:48
Просмотров 128 тыс.
GEOMETRIC DEEP LEARNING BLUEPRINT
3:33:23
Просмотров 203 тыс.
This is how Halo felt as a kid 🤣 (phelan.davies)
00:14