I just discovered your channel and only recently joined HTB. I really appreciate all the videos you are putting out there, it's absolute gold. I use your HTB videos to see your approach on a box and compare it to the approach I used.
Don't ask me why but the way he says '10 10 10' is just great. When my attention decides to wander off, the '10 10 10' always makes me return to focus 😅❤️
This was very well done. Another masterpiece. Clear, well explained, easy to understand. 💝
20:00 Yea the password reset on this box was brutal. Your changed password works for one login.
amazing as always!! thank you
Hello ippsec, I have a question for you. When I try smbpasswd, I get an error saying Could not connect to machine: error was the transport connection is now disconnected. I spent this morning analyzing this error code, but I couldn't solve it. Could you possibly help me?
I'm stuck here, too. My only thought at the moment is that the current versions of our tools are not compatible with this older box.
Ippsec make the parrot OS video, your way and customise
github.com/theGuildHall/pwnbox
Can you please share your configurations for tmux? I really love the way you customized it for mouse support, copying to clipboard, etc.
He's done it already: th-cam.com/video/Lqehvpe_djs/w-d-xo.html
I am getting an error, the transport connection is disconnected, when I tried smbpasswd
Yo, Ippsec, can you do a vid on staying stealthy during enumeration/privesc phase? Also maybe wedge some staying-in-scope advice in there. Could be fun :)
Why would we use hashcat to generate weak passwords, while in real pentesting missions you can usually find strong passwords? Is it possible to choose crunch as a tool to generate all possibilities (obviously it's gonna be a large file), but we can prove that users must change their password every amount of time.
Real pentesting missions have timelimits, if you go the BruteForce all combination approach; you won't get to your goal fast enough.
@ippsec so what approaches do pentesters take to get client passwords? Do they usually verify if those passwords are contained in those wordlists simply?
A pentest result of hacking passwords with wordlists is usually very significant since it proves the passwords are really bad. If you brute force complex passwords at a great cost there is not much to gain from that (you can look at the used hash method and tell in theory how easy/expensive it will be, there is no point in proving it for pentest engagements - especially since available hashes is a game over anyway).
@berndeckenfels let's assume that all users use good passwords, should we say that every pentesting mission is gonna fail because we couldn't find passwords? Is it based only on passwords? I hope that you got my point
@noussayrderbel5631 depends on your definition of fail. However, in the concrete example the actual problem is that you can spray passwords and there is no lockout. Finding that - even with not finding passwords - would be a major pentesting finding aka success (of course that's not a HTB objective). Besides, bruteforcing strong passwords online (instead of hashes) is slow anyway. But forget my answer, I was not aware you were referring to the pattern generation with hashcat - just reached that place in the video.
Hey. Why did smbpasswd work for changing the password of the user but not rpcclient? What's the difference in how those tools work?
and then rpcclient decided to work after the whole password error
Wow, actually hacked by the print machine, that was poetic.
Does this box match an AD machine for OSCP? So is it 40 points? Or is this just one client?
Thank You very much!!!
Excuse my noobness, but what does adding the domain to the host file or the resolv.conf do for us? Does it constrain our queries or tell the device that it should be using or connected to that domain?
Thanks bro. Do you provide any course in udemy or any?
I just wonder what are your pc specs @IppSec can i know
Hi. I'm a little bit confused. Maybe it will sound stupid but anyway I want to ask =) So we have LoadDriver.cpp, ExploitCapcom.exe, capcom.sys and rev.ps1. 1) Why do we need capcom.sys? What happens if we don't use it and try exploitCapcom.exe rec.ps1?
I'm not positive! When I first tried that it failed due to ExploitCapcom having the program hard coded. No reason why you can't try it out :-)
Thanks ippsec
very nice !
Didn't realize you can do so much with hashcat.
Fun box ☺️
Timestamps-thanx!
Ippsec, I have a problem with parrot (Security with MATE) on VirtualBox, and when I change my resolution (using xrandr or just settings), it just freezes on a black screen.
I don't use VirtualBox, sorry.
@ippsec Do you virtualize your parrot os? Or do you have it installed on bare metal? I was thinking about switching to parrot but I don't know if having a "hacking" system is secure as a daily system. What do you recommend?
@Drew Pena Try out vmware
Same request, please: your .bashrc or whatever .*rc -- I like very much the prompt, for e.g. Thanks!
This box is shit I couldn't figure it out and it is hard.
yow
also tested out for zerologon which was exploited successfully ❤️
What the f