Completed this box today with help from the video. For some reason, the PHP web shell worked initially, got deleted by the script, and then stopped working entirely when trying to reupload (very odd). Used the php-reverse-shell script in the end and it worked consistently. Haven't owned a box for a year it shows. Fumbled over everything from upgrading the shell to dropping an SSH key into dash's authorized keys. It's crazy how quickly skills/knowledge can fade when not using them frequently. Thanks for the video, it helped loads.
I really, really love that you don't edit out your mistakes! I sometimes feel so unbelievable stupid when such things happen to me, but it really helps me to see that even people with much more skill still sometimes mess up! I messed things up on this box (but at least i learned :D): I did not properly use sqlmap, so the whole token/cookie thing did not work, therefore I have written my own python blind sql injection script from scratch. While at it, I learned about python thread polls to pwn in parallel \o/ After extracting the admin hash, john failed to crack it and very much later I learned about mysql equals (or like) not beeing case sensitive and my script therefore extracting the hash with mixed case... So much pain, but a lot to learn even just extracting and cracking the password! Thanks hackthebox for providing those machines!
🤣 love how I do the first 10 parts of teir 0 on the starting point, then it directs me to machines to try, and I'm like sure why not, oh hey a very easy one......I watched 10seconds of your video and I'm lost instantly.....very easy my a** 😂 great video though
that's me right here, I don't know even where should I start and I feel so lost. Like I understand all these instruments that he uses, but how the fuck do I know all flags and know what to do or where to look. Im so lost over cyber..
@@timgreen5281 just keep doing it everyday you feel lost cause there is thousands of things to learn and you can't do that in even a year. look at his channel history he has been doing this for more than 7 years just keep grinding. this is one of the hardest fields to learn.
@@timgreen5281 It's ok man, I'll answer your questions: To "know all the flags" you simply need to know what the program is doing first, what task is it automating that you should be doing manually? "How do i know all the flags?" Let's say you are using gobuster, well then you should know that all the program is doing, is adding words in the /etc/hosts each time from a wordlist, and checking the return code from the website by spamming requests With this knowledge you are able to understand that gobuster needs "dir" to specify its on directories (because it has also domain discovery features and such) "-u" as the url to target, "-w" as the wordlist for the dictionary attack So not knowing flags is totally ok, you can use -h or see the manual to see examples, you really just know what you need. "How do i know what to do" First off, you need to "try them all" until you see interesting outputs, you need to understand XSS payloads and craft them as a way to try to break in, then use SQLi payloads to see how the server handles it (like in this box), then maybe checking for SSTI by manipulating the request via Burp. You have to try anything you can do to get access "How do i know where to look" Once you understand these concepts i told you about, the internet is the biggest tool even for the most expert hacker, lets say you find out a vulnerable SUID binary featuring git library of a python script that passes argv, looking up git library vulnerabilities and how to exploit them doesn't make you less of an hacker, those are all things you are learning and that will make you a better one!
it wasn't due to cookie timeout, as you saved the request data at wrong file "root.out" at 10:58 , and the sqlmap ran correctly after deleting the previous result data. (i unknowingly spoke loudly when you saved it at wrong file 😩)
always good to watch these videos because i did end up rooting it but i _did_ get stuck on the raw symlink not working (however creating a symlink to just, all of /root works) and now i know why ^_^
I did the exactly same thing that ipp do but i got this idk why is ipp's http header and mine is also same nothing more in there then why is that anyone have this same problem?
Completed this box today with help from the video. For some reason, the PHP web shell worked initially, got deleted by the script, and then stopped working entirely when trying to reupload (very odd). Used the php-reverse-shell script in the end and it worked consistently. Haven't owned a box for a year it shows. Fumbled over everything from upgrading the shell to dropping an SSH key into dash's authorized keys. It's crazy how quickly skills/knowledge can fade when not using them frequently. Thanks for the video, it helped loads.
I really, really love that you don't edit out your mistakes! I sometimes feel so unbelievable stupid when such things happen to me, but it really helps me to see that even people with much more skill still sometimes mess up!
I messed things up on this box (but at least i learned :D):
I did not properly use sqlmap, so the whole token/cookie thing did not work, therefore I have written my own python blind sql injection script from scratch. While at it, I learned about python thread polls to pwn in parallel \o/
After extracting the admin hash, john failed to crack it and very much later I learned about mysql equals (or like) not beeing case sensitive and my script therefore extracting the hash with mixed case...
So much pain, but a lot to learn even just extracting and cracking the password!
Thanks hackthebox for providing those machines!
I m watching your videos since 4 years and it really helps alot in understanding
Ipp is a certified hood classic
🤣 love how I do the first 10 parts of teir 0 on the starting point, then it directs me to machines to try, and I'm like sure why not, oh hey a very easy one......I watched 10seconds of your video and I'm lost instantly.....very easy my a** 😂 great video though
that's me right here, I don't know even where should I start and I feel so lost. Like I understand all these instruments that he uses, but how the fuck do I know all flags and know what to do or where to look. Im so lost over cyber..
@@timgreen5281 get on HTB academy boss!
@@timgreen5281 just keep doing it everyday you feel lost cause there is thousands of things to learn and you can't do that in even a year. look at his channel history he has been doing this for more than 7 years just keep grinding. this is one of the hardest fields to learn.
@@timgreen5281 It's ok man, I'll answer your questions:
To "know all the flags" you simply need to know what the program is doing first, what task is it automating that you should be doing manually?
"How do i know all the flags?"
Let's say you are using gobuster, well then you should know that all the program is doing, is adding words in the /etc/hosts each time from a wordlist, and checking the return code from the website by spamming requests
With this knowledge you are able to understand that gobuster needs "dir" to specify its on directories (because it has also domain discovery features and such) "-u" as the url to target, "-w" as the wordlist for the dictionary attack
So not knowing flags is totally ok, you can use -h or see the manual to see examples, you really just know what you need.
"How do i know what to do"
First off, you need to "try them all" until you see interesting outputs, you need to understand XSS payloads and craft them as a way to try to break in, then use SQLi payloads to see how the server handles it (like in this box), then maybe checking for SSTI by manipulating the request via Burp. You have to try anything you can do to get access
"How do i know where to look"
Once you understand these concepts i told you about, the internet is the biggest tool even for the most expert hacker, lets say you find out a vulnerable SUID binary featuring git library of a python script that passes argv, looking up git library vulnerabilities and how to exploit them doesn't make you less of an hacker, those are all things you are learning and that will make you a better one!
it wasn't due to cookie timeout, as you saved the request data at wrong file "root.out" at 10:58 , and the sqlmap ran correctly after deleting the previous result data. (i unknowingly spoke loudly when you saved it at wrong file 😩)
i was looking for this comment 😂😂😂😂
@@helidem😁
Awesome ase per usual thanks for the vids !
Awesome 👍
The easiest ctf in my whole life i saw it
always good to watch these videos because i did end up rooting it but i _did_ get stuck on the raw symlink not working (however creating a symlink to just, all of /root works) and now i know why ^_^
I know why creating a symlink to /root/root.txt doesn't work, but why does creating a symlink to /root works?
@@AUBCodeII i deadass have no idea! somethign to do with the fact that it's a folder and not a file? hopefully someone who knows can answer
Does anyone got this error from sql map after saving request into a file and use that is "unable to find http header" anyone?
I did the exactly same thing that ipp do but i got this idk why is ipp's http header and mine is also same nothing more in there then why is that anyone have this same problem?
Can you do a video about that hashcat box How i cam build my own???
10:48 RIP cookie :(
☹️slove hard and insane machine with guided mode
Nice one
Thank you!
Push!
Ipp doesn't like me anymore :(
Just a busy time of year and I’m not on the PC much to comment
@@ippsec Oh, ok
26seconds
as always awesome
!