HackTheBox - Perfection

Подписаться 244 тыс.

Просмотров 13 тыс.

50% 1

00:00 - Introduction
00:50 - Start of nmap
02:50 - Discovering the Weighted Grade Calculator which we will exploit
04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols
07:10 - Quick bash one liner with JQ to URL Encode each line of our wordlist
09:30 - Discovering a New Line character breaks the search for Bad Characters, then getting a shell on the box
14:40 - Shell returned, looking at the source code and seeing the "Bad Character" filter was really a regex whitelist
18:50 - Discovering mail that says the password format in the database
21:50 - Using hashcat Bruteforce mode to crack the password

Опубликовано:

2 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 31

@AUBCodeII 27 дней назад

Babe, wake up, new IppSec video dropped

@o3tg2w35t 20 дней назад

I learned pen-testing largely from these videos. Three years ago, I got my first pentesting job and somehow promptly forgot all about IppSec. Until today. It's such a great feeling, to know that all my studies paid off. I can finally understand the full content of these videos! Yipee!!

@NatteeSetobol 21 день назад

I didn't know you could brute force with hashcat like that. I always learn something new!!

@Ms.Robot. 26 дней назад

❤🎉 another sweet drop from the Wizard of the Matrix.

@juandelpuerto5711 27 дней назад

Thanks, as always your explanations are gold!

@activ3Port 27 дней назад

the GOAT

@StefanŁukasik-m3k 27 дней назад

Solid as usual

@bread_girl_jane 23 дня назад

ippsec you’re one of my heroes but the way you pronounce ubuntu kills me lmao

@InsanexBrain 15 дней назад

thanks! great video as always

@felixkiprop48 25 дней назад

Let's rock❤

@alanbusque6645 27 дней назад

Thanks

@abdirahmann 27 дней назад

good vid

@Martin-Pentest 26 дней назад

Hey Ippsec i have a question that i guess is unrelated to this particular video but i know your the man to ask.. so i'm trying to figure out why if i type echo "password" | md5sum the output or string is totally different to the string i would get on say md5 hash generator online? Maybe i am being stupid but i guess i won't know if i don't ask.

@ippsec 26 дней назад

Without a -n, echo is putting a line break in.

@Martin-Pentest 26 дней назад

@@ippsec Well now i feel stupid aha.. problem solved. Thanks for the reply ipp your a legend 👌

@mohammadhosein6847 26 дней назад

you are so amazing

@kingzedge 17 дней назад

Aside from HTB and TryHackMe, what tools should I be playing around with on my computer in order to break into Cyber? I have a few ideas: Kali Linux, Linux GUI, Windows command prompt. What else should I download?

@ManuGram 27 дней назад

Really great content,i just wanna ask if you could do more mobile app hacking

@tg7943 14 дней назад

Push!

@sh22xpr 24 дня назад

I assume hashcat checks file each iteration instead of remembering it's content

@seM1c0l0n 25 дней назад

ffuf supports OS commands to encode input

@raphaelriera-v3b 25 дней назад

hey my burpsuite browser can't connect to the website

@j0hnc0nn0r-sec 14 дней назад

Hard to tell he ever had a speech impediment now

@nicollasalcantara6907 18 дней назад

My reverse shell is not working lol

@_Mann_Kasodariya 16 дней назад

can you make video about how can you have option to which search engines do waan search for it or give me name of softwer so i can to. if anyone know in chat will you help me into this 3>.

@admiralbaty 27 дней назад

semicolon ; Colon :

@amieemaya9472 26 дней назад

Lulz

@Blomma761 27 дней назад

First

@redxroomie 27 дней назад

Lol

@boogieman97 21 день назад

Hey Ippsec, yesterday I got a new VIP sub for HackTheBox for a year. Haven't done any of the Sherlocks earlier until today. I really liked the LockPick3 Sherlock! Have you done that one yourself already ?