This has been my first box some months ago. Keep up the good work!
The /proc/ keeps on giving. Once I got only an LFI, where this was mostly the only content I could load. I managed to get code execution on the server. This was a pentest of a shared cloud environment. So a big disaster. 😂
So good! Keep it up IppSec, your content is greatly appreciated!
If you read the code for the bot - there is a hidden command called run that gives you command execution. Took me ages to realise there were SSH creds because of that
What's going on IppSec, this is Paper and we're doing YouTube
loll
As an Office fan, how could I miss this box :(
Awesome explanation, as always! But I have one question... I ran linpeas 4 times and the vuln check doesn't show up... Am I doing something wrong??
same... I don't know what's wrong.
I even downloaded the updated LinPEAS
I think this is the first time I have heard anyone pronounce CentOS. I've always assumed it's "Cent Oh Ess", not "Centoes". What do you peeps think?
Cent Toss
that question will change my life
Hey ippsec, whenever I intercept a hackthebox domain (.htb) with Burp, it throws an error and automatically converts http to https. Any solution for this???
It could potentially be an HSTS thing, maybe an old box set HSTS for the domain? Try clearing your HSTS settings in the browser, see if it helps.
ippsec, can you tell me what's wrong with me playing CTF? I have a good level in CTF & programming, but if I start playing a CTF I actually get stuck. I don't know where I can start
running the most recent linpeas release against this box doesn't show that CVE...
I wish there was a more consistent way to find subdomains with the CLI tools. I can't tell how many times I've been stuck bc my script ain't find any subdomains istg
Another great video!
How is this box released at this time? It's 6.27 AM IST
Thought I released it but guess I didn't
@ippsec haha I was going to message you to see if you were ok. Was thinking you must be unwell since you are so consistent with posting walkthrus
sticky note: update linpeas
Please, is there any hackthebox giveaway?
Can you explain what makes you choose parrot OS? Thank you, I love ur vids
Reason: www.hackthebox.com/newsroom/supporting-parrot-os
17:00
It took me fucking hours to just try the bot pw as Dwight's SSH password... 😢
Second
omg I'm first
Sir, I am from India, here it is morning.
/proc/ seems to be the way to go. So useful to escalate the LFI
Yes I did enjoy.
Pwnkit cve-2021-3560 dbus-send.... time-based PE, need to learn how to develop an exploit, that script worked superb 👏 👌. I always go the hard way, timing the kill command by my own instinct in GUI, poor me. 🤣😂😂