Thank you for doing this. I am going through HTBA and just watching and taking notes on this is priceless for me.
Yeaaa,,, Boyz
Ippsec Upload 🎉
Why exactly does the connection to the machine occur after you execute the "date" command? How is this related? I can't figure it out.
35:53 What do you press on the keyboard when you log in through SSH to do port forwarding?
Enter + ~C
On some ssh client versions, you also need to add "EnableEscapeCommandLine yes" to ~/.ssh/config
Thanks Ipp
I learn from u every video. 🎉
If you are into netsec, this is so rich. I watch these just like a hockey player watches hockey games. Rewind every 10 seconds, pause, understand his moves. Replicate his moves on my own workstation. I should donate some money to you, how can we do this? I mean I'm benefiting so much from this.
@@dopy8418 I have YT memberships open, I don’t accept donations any other way
What type of terminal you're using?
How did you just get root through Duplicati? I thought it was running inside Docker. Where does the "source" directory come from?
Ipp, which monitor do you use? I got a 28-inch monitor and it is awful to use VMs; everything is small, and selecting it to stretch in VMware makes things bigger, but with very low image quality.
How did you know that Duplicati was running as root or had the necessary privileges?
Educated guess - backup software generally has full disk access because it needs it; companies want a full backup.
awesome video!
The TikTok generation need to know that this is the real entertainment🙏🏼
absolute cinema
I was thinking, I have never seen you use scp/sftp, not even for kraken. Is there a security risk I am not aware of, or are you just more used to netcat and c/p? I guess for the boxes you don't always want to set up ssh_config. Thanks.
No security risk - Just easier for me to copy and paste
20:00 (password 21,20) should be password(21,40)? Keep watching, thank you very much in advance! (Or am I mistaken?)
@@ДмитрийКузнецов-я4д the second number is length. Not start/end.
@@ippsec oh, thanks a lot.
I had the same doubt.
Bravo
What a breeze!
great
Nice but I am missing a lot of enumeration steps making it look so easy.
Push!
Thank IppSec
fuck yea
@IppSec Blind Boolean-based SQL injection isn't nearly as time-consuming as you suggest, at least not if you're using the right approach. By implementing a binary search tree in your enumeration script, you can drastically cut down the time it takes to retrieve characters. This technique allows for rapid data extraction, even in a blind scenario. With a bit of scripting finesse, you can efficiently enumerate the target and save yourself a lot of headaches.
@@Hope-kf1nl I do show speeding up Boolean SQL injection here: m.th-cam.com/video/mF8Q1FhnU70/w-d-xo.html, which probably is the same method you are talking about. You’re still likely making 4-6 requests per character, when this can do 32 characters in a single request.
For an md5sum, I believe every character would be 4 requests (maybe 3). So you’re talking about making 64 or 128 requests per password hash versus the 2 requests this way.
It’s exponentially faster to go with error injection when you can.
@@ippsec Yes, this was what I was talking about. Also, yes, no arguing it. You're correct that the error-based strategy is best here.
Hey Ipp, is there any auto-clearing happening in there? In Cacti, when I try to access that shell.php file I get a 404 after 3-4 seconds and no shell triggering 🥲
Hey Ipp, let's assume, hypothetically, you have 426.8 billion USD. Would you buy an OSCP/OSWE/OSEP/OSED/OSEE voucher pack for all your subscribers and Discord Nitro for all the homies?
@@AUBCodeII I'd buy everyone HTB vouchers. I don't like the way OffSec has gone in the last couple of years; laying off a lot of their content team left a bad taste in my mouth.
@ippsec fair enough. I didn't know they laid off their staff
@AUBCodeII yup, they got rid of the community team (falconspy/tjnull) ~2 years ago. Then a lot of the content creators (ex: Siren) and such a year ago. To my knowledge a lot of their content is just created by contractors nowadays, which isn’t a recipe for long term success
@@ippsec that sucks :(
@@ippsec lol, HTB voucher will be more interesting to be honest 🥰