Тёмный

HackTheBox - Traverxec 

IppSec
Подписаться 252 тыс.
Просмотров 32 тыс.
50% 1

Опубликовано:

 

29 окт 2024

Поделиться:

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист
Посмотреть позже
Комментарии : 90   
@ianmusyoka9717
@ianmusyoka9717 4 года назад
Ippsec thanks so much for the content you keep releasing i started pentesting about 6 months ago a complete beginner i watched how you tackled each box and right now I've done about 9 boxes that are active in hack the box Thanks sir you always motivate beginners pentesters like me
@matteopili4383
@matteopili4383 4 года назад
Good job bro💪🏻
@Cullinan000
@Cullinan000 3 года назад
Hello Ian. How much did you know prior to starting pentesting? Did you know anything on security? Sys admin? Any other CS-related fields? Do you have a degree in CS? I am asking because I very much admire IppSec's videos and I often find myself wondering how much work it would take for me to learn it all.
@ianmusyoka9717
@ianmusyoka9717 3 года назад
@@Cullinan000 i had no background in cybersecurity i was just looking for walkthroughs on HackTheBox machines on youtube and came across ippsec's channel started watching his easy box which later i advanced to the more difficult ones that's now been over a year and a half And it worked for me I've published few exploits on exoloitdb and right now I've solved over 30 boxes Watching his videos is a gain for sure can't wait for the one being released tommorrow 💪💪
@Thmyris
@Thmyris 4 года назад
The last 10 minutes are the gem of the video! Thanks for going through the CVE!
@brettnieman3453
@brettnieman3453 4 года назад
Thanks so much for adding awesome additional content when there's an easy box like this.
@HunSnakestyle
@HunSnakestyle 4 года назад
I played with this box a lot to get root (this was my first box) and finally I gave up on it, because I totally stucked at that jourmalctl point, now I understand, thanks for showing and explaining how things works :)
@marky1124
@marky1124 3 года назад
Using find, grep & md5sum at 50:27 was interesting, but for me a much simpler approach would be `diff -r 196-src-dir 197-src-dir` Love your videos. Amazing work. So much great content.
@archersterling4044
@archersterling4044 4 года назад
This all makes so much sense and I love you
@lennartluthi4869
@lennartluthi4869 3 года назад
38:08 When I removed the pipe after the sudo command the journalctl would not go into Less, but just finish. A lot of people had that. The trick was to make the terminal smaller than 5 lines, then it would stay in Less. What could it be that Ippsec didn't have to do this?
@aMODiEswede
@aMODiEswede 3 года назад
I actually attempted the command and gotten root without having to resize, because I like to keep the terminal mid sized and vertical. But I agree with you it should be less than 5 as it says in the command n5, however if you try going 4 or 3 it won't work only 2 and 1 which is weird
@michaeleinzmann4651
@michaeleinzmann4651 2 года назад
maybe "stty rows" was assigned a lower value in ippsec's terminal
@ferdinandodavino2388
@ferdinandodavino2388 Год назад
This comment saves my relationship. Thanks
@spartan1o5
@spartan1o5 4 года назад
This is awesome We all appreciate this work you do!
@atomicsp
@atomicsp 4 года назад
Wait what? Why did you not have to resize your terminal? Mine just exited less straight away, spent some time figuring that bit out...
@comradedragoGaming
@comradedragoGaming 4 года назад
Thanks for this I was going insane trying to figure out why in the world mine was just dumping me to the terminal, any idea why resizing the terminal made a difference?
@lloyd-wright
@lloyd-wright 3 года назад
IppSec should have way more likes and follows.
@redpanda31337
@redpanda31337 4 года назад
@ippsec Question, manpage of nc says the following: -l, It is an error to use this option in conjunction with the -p, -s, or -z options. Same goes for: -p source_port Specifies the source port nc should use, subject to privilege restrictions and availability. It is an error to use this option in conjunction with the -l option. Was just wondering why you us nc with -lvnp, which I am doing as well since watching your videos. Thanks!
@ippsec
@ippsec 4 года назад
Probably just habit -- No idea why I combined the two but at this point its just muscle memory.
@aminhatami3928
@aminhatami3928 4 года назад
Tnx bro. Your videos are very helpfull for me . Even more than you could imagine.
@Ms.Robot.
@Ms.Robot. 4 года назад
Mmmmmmm this is good. 💗🧜‍♀️🧚‍♀️ Never get enough.
@noway5930
@noway5930 4 года назад
Vim supports ‘-‘ to read from stdin so ‘diff a b | vim -‘ would have done what you wanted at 53:53 Love your vids!
@omran.alshehabi
@omran.alshehabi 4 года назад
You are awesome sir !!!
@FelixTang32
@FelixTang32 4 года назад
Thank you again for the videos.
@brianpmcg
@brianpmcg 4 года назад
just subscribed! I'm new to the game! thank you for the tutorials!
@AlMontasar
@AlMontasar 4 года назад
I need you advice am interesting on this but what u are using is Kali It was fine with me tell the last update when i install it on my mac the wifi not working tried couple of methods and nothing work .. The question here can i use ubuntu as what you are showing in your video ?? Is there big different if i use the tools but on ubuntu or you recomend Arch bec Kali not working
@elvi7major577
@elvi7major577 4 года назад
Thank you ippseq Really good box
@Motivacion_en_Movimiento189
@Motivacion_en_Movimiento189 4 года назад
I love your videos I have learned a lot
@QuadDerrick
@QuadDerrick 2 года назад
why would you use metaspolit when there IS a no metaspolit version avaliable ... ?
@aabid3677
@aabid3677 4 года назад
♥️
@yojimath
@yojimath 4 года назад
Ty very much sir for the video!
@IND_Abhi
@IND_Abhi 4 года назад
Hey Please keep going BTW thank you
@temirzhanyussupov6997
@temirzhanyussupov6997 4 года назад
On some machines, "sudo -l" requires entering the password but for some of them, this is not true. Why?
@Flutebuddie
@Flutebuddie 4 года назад
In the sudoers (sudo visudo) file, check for a line near the bottom that says something like
@i_sometimes_leave_comments
@i_sometimes_leave_comments 4 года назад
Where can I get the handy `kracken` image you're using for cracking passwords?
@shellbr3ak443
@shellbr3ak443 4 года назад
As always,, great explanation. a simple note: if u want to run LinEnum in thorough mode, you don't need to edit the script, just enable the '-t' flag :)
@ippsec
@ippsec 4 года назад
Yeah that would involve writing to the disk. I don’t think you have access to argv when executing it via nc/curl/etc
@shellbr3ak443
@shellbr3ak443 4 года назад
@@ippsec I didn't know that we don't have access to argv when executing nc, however the box has wget installed ;)
@booster4870
@booster4870 4 года назад
i was on my way to pro lol i gusse i lost the points of this box....thanks ippsec for the video
@evildead7845
@evildead7845 4 года назад
OMG ! Can anybody tell me why this happens ? When I run "/usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service" this command in full screen terminal it gives me error(which is it just "cat" it and not run it in "less").... But when I use small screen on terminal and run the exact same command it runs in "less" and I get to root. Why this weird stuff is happening ?
@toddjacobsen6492
@toddjacobsen6492 4 года назад
I believe if your term window can support all of the data the journalctl provides, you exit gracefully from less and journalctl. Gaining a shell will work on your Kali machine as well...# sudo journalctl -xe followed by !/bin/sh....
@evildead7845
@evildead7845 4 года назад
@@toddjacobsen6492 Yes actually gaining shell on my kali works. But when I run the command as david user in full screen terminal it doesn't work except when I run command as david user in small screen it works !
@toddjacobsen6492
@toddjacobsen6492 4 года назад
@@evildead7845 , the functionality/output of journalctl is the same on your Kali box...if the log messages are less than the term window rows, journalctl exists gracefully without less.
@toddjacobsen6492
@toddjacobsen6492 4 года назад
Example....run journalctl -u sshd.service on a full term window...on Kali...
@evildead7845
@evildead7845 4 года назад
@@toddjacobsen6492 Okay I understood now ! Thanks ! Have a good going !
@e1Pr0f3ss0r
@e1Pr0f3ss0r 4 года назад
My gobuster tool don't have -u option..it gives me error ...what can I do
@supremesupreme26
@supremesupreme26 4 года назад
GREAT
@pswalia2u
@pswalia2u 3 года назад
For finding directories or files in directories with only execute permissions(Only works if we know the name of file/directory) - find / -type d -perm -a+x 2>/dev/null | while read LINE; do ls -al "$LINE/public_www"; done 2>/dev/null Does not outputs the absolute path. I don't know how to do that. Let me know if anybody knows ...
@b-raj-k
@b-raj-k 4 года назад
@ippsec can u tell me.. how you split the terminal screen... It is very handy... Please reply
@spheleleshandu3334
@spheleleshandu3334 4 года назад
use tmux bro
@ippsec
@ippsec 4 года назад
There's a tmux video on my channel. Watch it.
@spheleleshandu3334
@spheleleshandu3334 4 года назад
ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-Lqehvpe_djs.html
@b-raj-k
@b-raj-k 4 года назад
Thanks a lot
@ABHaX
@ABHaX 4 года назад
@@ippsec bro i have problem with copy past on tmux ..!! outside the tmux i cant paste..!! any suggestions..!!
@vanshshah8520
@vanshshah8520 4 года назад
Where did you learn how to hack?
@priyanshukumarpu
@priyanshukumarpu 4 года назад
I guess there is a Python script too for the nostromo exploit
@b-raj-k
@b-raj-k 4 года назад
Yeah... That's how I did
@ianmusyoka9717
@ianmusyoka9717 4 года назад
Yeah i did too with that pytgon script
@behnamanisi1
@behnamanisi1 4 года назад
exactly how i done it! much easier github.com/theRealFr13nd/CVE-2019-16278-Nostromo_1.9.6-RCE
@yongkentlee8441
@yongkentlee8441 4 года назад
why i cant connect to 10.10.10.165 help needed
@1peperko
@1peperko 4 года назад
Nervmon
@hakbuddy5541
@hakbuddy5541 4 года назад
first view first like first comment
@Raekh_
@Raekh_ 4 года назад
First! The final step was bs x)
@ippsec
@ippsec 4 года назад
Watch the video, then let me know if you still think that. I didn't think any part of this box was bs :)
@Raekh_
@Raekh_ 4 года назад
@@ippsec Last part is bullshit cause for some reason and for some users journalctl will just cat instead of using less. So for this to work you had to know that journalctl doesn't less unless you have enough space on your screen. Log file was tampered with and didn't display as many lines as you did, that's why it didn't work for me the first time.
@shellbr3ak443
@shellbr3ak443 4 года назад
@@Raekh_ in a tmux session, the size of the pane isn't important :)
@Raekh_
@Raekh_ 4 года назад
@@shellbr3ak443 it is! I just tried it again. When I don't shrink, it cats. When I do, it runs less.
@alexc3591
@alexc3591 3 года назад
@@Raekh_ Thanks for this - I couldn't figure out why it wasn't working for me - I made my tmux session smaller and it went to less.
@netbin
@netbin 4 года назад
FIRST!
@douglasluna9057
@douglasluna9057 4 года назад
Amazing!!! Thanks for this
Далее
UHC - NodeBlog
49:20
Просмотров 16 тыс.
HackTheBox - Mango
53:27
Просмотров 39 тыс.
СОБАКА И  ТРИ ТАБАЛАПКИ Ч.2 #shorts
00:33
HackTheBox - Postman
1:11:52
Просмотров 75 тыс.
HackTheBox - Horizontall
1:04:53
Просмотров 23 тыс.
HackTheBox - ServMon
1:03:13
Просмотров 36 тыс.
HackTheBox - Obscurity
1:32:25
Просмотров 23 тыс.
HackTheBox - Traceback
39:02
Просмотров 29 тыс.
NixOS Setup Guide - Configuration / Home-Manager / Flakes
3:01:39
HackTheBox - Control
1:42:53
Просмотров 36 тыс.
HackTheBox - BankRobber
1:10:14
Просмотров 60 тыс.