always the best to explain things very clearly. Thanks 👍👍👍
I actually learn lots of tips & tricks from you. Thanks!!!
CHEF CRISP WUZ HERE! Thanks for all you do!
Unbelievably good
Have you ever considered using a base32 encoded bash shell instead of base64? It can have = for padding of course but no + because of the chars used.
proper fingerprinting wins the race every time like we saw springboot enumeration
Ippsec rocks!!! 🙂
I was waiting for your video 🥰
Hey IPpsec, have you thought about doing a series on getting started? Like how to learn from square one.
What is that kracken used for hash cracking?
I think it's an ippsec host machine.
He ran Linux in a VM and ssh'd to the host machine for cracking hashes ❤
A machine of his equipped with a GPU so he can crack passwords
@GajendraMahat maybe he set up a 10 parallel rtx 4090 rig on cloud
@monKeman495 it says 1080 tho
Oh I had tried it)))) just yesterday
Sorry Ipp, but aren't you mistakenly calling "/..;/manager" off-by-slash at 4:55? I think you called this technique URL confusion during RegistryTwo. I think off-by-slash is when you do "/assets../flag.txt" or something, like you explained in Cybermonday. Unless "/..;/manager" is also considered off-by-slash. Please do not take offense as I just want to figure out which technique is which. My broken English doesn't help as well, lol. Thanks!
I'm not positive but I think I made the mistake in RegistryTwo just because I didn't know the term "Off By Slash".
The Off By Slash is when the location in NGINX doesn't have a trailing slash. I am 80% sure that for /..;/ to work, nginx has to have this vulnerability.
The difference between ../ and ..;/ is just the nginx setup you are exploiting.
@ippsec I see. Thank you very much for the response! You rock! :)
Hey Ipp, what's 9 + 10?
Push!
ippsec, I need to start a channel like yours. Any tips so I don't make mistakes?
First :P
Sir also solve the active machines instead of retired 😁😁😁
That’s against the terms of HTB
Where's the challenge if you get the answers? Retired are great for learning and having some aid