If you spotted any areas for improvement, have alternative techniques, or discovered other creative ways to hack this machine, please share them in the comments. Your insights help us all grow as ethical hackers! 👍
How can I have such a colorful Linux terminal?
@Lirb-kg7rm Will need to make a video on this in the future, in short it's ohmyzsh - robbyrussell theme with colorize plugin and my ls, la is using eza and my cat is batcat
As always, a new awesome video!!
Thanks for the support! 💪
Thank you again for that educational video. Thanks to you I gained the skills to figure out stuff myself. For example, I figured out the XXE vulnerability and how to use it. But I always miss those little details. For example, how did you figure out that you needed that PHP syntax and decoding? I found it after one Google search with the HTB guided tip. But there has to be a method to figure it out by myself. Also the Python at the end. I got to the point where I could run the Python code with a "valid" malicious md file but I didn't get the syntax... I missed the "and"... It really grinds my gears that I always miss the last little detail. Anyway, thank you so much!
Sure thing! 😄 We found at 4:56 that the portal page has the .php extension and at 18:25 the use of btoa(xml) in the JavaScript function, which indicates base64 encoding, which is relevant to how we craft our exploit and might suggest using the php://filter wrapper. Hope that helps 👍
@chrisalupului Thank you! Can't wait for the next video 😍
man I love your videos
Thanks a ton! 🙌
I like all your content. Great 👍
Thanks so much, I appreciate it! 😊
thank you for the knowledge
No problem! Happy to share knowledge 😄👍
Question… burp suite? I looked for it and found port swagger. Is that it? I’m 47 have a degree in business now I’ve turned my attention toward a cyber defense degree. I’m 7 or 8 classes so practically new.
Yup, Burp Suite is made by PortSwigger (company behind it), and they also have a free Web Security Academy. It’s a great way to learn about web vulnerabilities step by step. This is an awesome time to mix your business degree with cybersecurity since companies love people who understand both worlds. Definitely check it out! If you have questions, feel free to ask! 😊
Burp Suite is software created by PortSwigger. If you are starting in cybersec, I advise you to choose a specific role in cybersec and learn it. Do not learn the whole cybersec path because it's a waste of time. Before jumping into cybersec you should learn about networking, Linux, Windows, databases (mostly SQL), etc. If you want to defend/attack systems and infrastructures you have to know how they work, why vulnerabilities occur, how to configure them, etc.
Thank you so much 💯
Sure thing, hope it helped 👍
How do you know that the ticket file can be inserted with Python code? That's amazing
Awesome question! The script is designed to evaluate a ticket for irregularities in its first few lines, but it uses eval() on the ticket file content without any input sanitization or validation. Combined with the sudo -l output allowing us to run ticketValidator.py as root, this lets us craft a malicious ticket file with Python code that gets executed with root privileges. 👍
Thank you
Sure thing! 😄👍
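Added example, not part of the original comments and not the box's script: the eval() pattern described in the reply above, next to a parser-based replacement that only accepts integer arithmetic. The function names, the `> 100` rule and the sample expressions are constructed for illustration.

```python
import ast
import operator

# Only these binary operators are evaluated; every other syntax node is rejected.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}
_MAX_LEN = 100    # assumed cap on expression length
_MAX_INT = 10**9  # assumed cap on literal size


def check_with_eval(expr: str) -> bool:
    """The risky pattern: eval() runs any Python expression found in the file."""
    return eval(expr) > 100


def _walk(node: ast.AST) -> int:
    # Integer literals only (bool is excluded by the exact type check).
    if isinstance(node, ast.Constant) and type(node.value) is int:
        if abs(node.value) > _MAX_INT:
            raise ValueError("literal too large")
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        return _BINOPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_walk(node.operand)
    # Calls, names, attributes, boolean operators, etc. all end up here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_arith(expr: str) -> int:
    """Evaluate +, -, * over integer literals; raise ValueError otherwise."""
    if len(expr) > _MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return _walk(tree.body)


def check_safely(expr: str) -> bool:
    """Same rule as check_with_eval, but untrusted text is never executed."""
    try:
        return safe_arith(expr) > 100
    except ValueError:
        return False


# Constructed sample expressions, as they might appear on a ticket line.
SAMPLES = ["11 + 100", "3 * 4", "100 + abs(-5)", "101 and print('ran')"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:28} safe={check_safely(s)}")
```

The sudo rule is the second half of the problem: even with the parser fixed, a script that reads user-controlled files should not be runnable as root without a reason.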
ffuf also has the -e option to do the extension thing
You the man! 👍
❤❤❤❤❤❤❤
❤❤❤
How does he make his Kali so beautiful? His terminal is so cool
I wasn't expecting the joke = )
=P
How did you make this lab?
This lab is a machine/box from HackTheBox (HTB) called BountyHunter, you can check them out by visiting the link in the description. 👍
dude randomly dropped a deeznuts joke, lmfao
🤣 Appreciate ya!
Need to watch your vids in 1.25x, you slow it down too much in post by the sounds of it, sounds too "slow motiony", makes me sea sick lol
That's awesome! Not the sea sick part lol, but if you're able to follow along at 1.25 or 1.5 even better! This is my normal speed for easy boxes 😂, the goal's to speed up gradually for medium and hard boxes to get to ippsec's level eventually 👍
It's a preference thing. Personally the main reason why I enjoy your breakdowns is the speed
@chrisalupului It's your voice I was talking about, sorry, English isn't my first language, I didn't seem to explain my point properly lol, the pace of your videos is perfect