I feel like I'm learning a lot from just watching your videos even though I'm not on the HTB platform (yet, because this newb needs THM) and I feel like watching your videos is the best "test of my knowledge" as I follow along till I get lost. Then I just watch for fun, while still learning!
no educational value in this one. cant be a psychic every time knowing just the right thing, like doing the vhost scan right away, doing just the right nosql payload in 10 seconds, or took 10 second and doing chromium exploit - give me a break... if you know the solutions to the exam you can always look like a genius
The box was blooded in under 10 minutes, with many other solves right after that. 1. Most people will start with a VHOST Scan, always have things running in the background 2. NoSQL is pretty trivial there. 99% of Express Apps use NoSQL, so that's why you'd start with it. 3. The PDF Exploit there is also pretty common and covered several times on this channel When I solved this box, it probably took me less time than the video length. The mindset you have is harmful in my opinion. It would be like calling "Cold Readers" or "Mentalist" psychic, when they are just experienced at recon and asking the right questions. The same goes for applications, when you get in a routine and do these types of challenges every day. What can be exploitable sticks out, seeing Express in the server header probably means nothing to many people. But to the experienced it changes things up greatly.
I feel like I'm learning a lot from just watching your videos even though I'm not on the HTB platform (yet, because this newb needs THM) and I feel like watching your videos is the best "test of my knowledge" as I follow along till I get lost. Then I just watch for fun, while still learning!
great video, couldn't imagine doing these boxes without the help of your guides. you are helping train an army cyber soldier
That’s a good one! Thanks for the sidelines , I learn a lot from those
Sidelines are real life
I always learn or recall something with your videos. Thank You IppSec!
Thanks. ❤ I learned a whole lot. This one was trickier.
While you tried reading the /proc files, you forgot to use the returned id and still used the id_rsa one.
You finally got wappalizer lol. I was always wondering why you didnt have it
Whatweb is also good tool
Thank you ippsec!!
Awesome as always ❤
Great video again. Why do you use Parrot instead of Kali? Kali seems to be more refined.
The first thing i noticed is the new etc/hosts format. Is there a reason why it changed?
No idea why it changed.
32:10 yeah there are 7707 orders, 6200 more than Zerocool's worm crashed in systems...
An alternative solution to viewing the text in the is downloading the pdf and using pdftotext to view everything.
great video
please do an oauth code flow box if their any
What labs i should need to solve if i want to be a pro hacker in HTB
all of them
My heart ippsec
Push!
2nd
First
no educational value in this one. cant be a psychic every time knowing just the right thing, like doing the vhost scan right away, doing just the right nosql payload in 10 seconds, or took 10 second and doing chromium exploit - give me a break... if you know the solutions to the exam you can always look like a genius
The box was blooded in under 10 minutes, with many other solves right after that.
1. Most people will start with a VHOST Scan, always have things running in the background
2. NoSQL is pretty trivial there. 99% of Express Apps use NoSQL, so that's why you'd start with it.
3. The PDF Exploit there is also pretty common and covered several times on this channel
When I solved this box, it probably took me less time than the video length. The mindset you have is harmful in my opinion. It would be like calling "Cold Readers" or "Mentalist" psychic, when they are just experienced at recon and asking the right questions.
The same goes for applications, when you get in a routine and do these types of challenges every day. What can be exploitable sticks out, seeing Express in the server header probably means nothing to many people. But to the experienced it changes things up greatly.
great video