The benefit of this format is not only do you get a walkthrough but you might get a vim tip or a tip to convert your burp suite repeater data to a curl command.
I think the reason you're getting the file content when you do 'ls' @1:34:00 is because of missing break statements for each 'case' condition. In Java, it's required to add the break statement after each 'case' condition ends, otherwise, it'll continue until it finds a break or until the default case.
i like when machine creators lead you to either a id_rsa or a password. that way, in practice, you can jump straight to lateral movement or priv esc if desired, especially on insane machine. its like a checkpoint.
this is a simple request from a beginner. can u add beyond root part to every video. even thought they are easy box nothing crazy to show, can u route us through the box, showing how the site is hosted, how the inside is working, what are the main points we need to check, how the box creator has done things using crons like that. thank you. i always amazed by ur knowledge
I have one simple question: which technique should we apply for exploiting the machine after lots of enumeration? 1. Breadth First Search (Horizontally Proceed) - Means First of try all thing as surface level for initial foothold 2. Depth First Search (Vertically Proceed) - Means First Take one thing and deep dive into it and then another one.
Question: Why did you use http to transfer files from your host to victim but used nc the other way around (twice)? any specific reason or just your standard flow?
Habit - Generally speaking when doing offensive work, your target will be behind a NAT. So standing up a listener won't help much as there isn't the port forward (PAT) setup to access the webserver from the outside. On the attacking side, you have control of the router, or are you just are on a routable IP Address, so you can stand up a webserver.
Very well could be -- Something changed my volume settings before recording this video. Think Zoom maxed out my microphone and I had to find out the right settings.
That sneaky video was the good one :) I'm still smiling when I recall you reading the entire 'Total number of IPv6.' aaah good old days.
The benefit of this format is not only do you get a walkthrough but you might get a vim tip or a tip to convert your burp suite repeater data to a curl command.
23:41 You can undo an accidental tab close with ctrl+shift+T Thanks for being awesome! ❤
I think the reason you're getting the file content when you do 'ls' @1:34:00 is because of missing break statements for each 'case' condition. In Java, it's required to add the break statement after each 'case' condition ends, otherwise, it'll continue until it finds a break or until the default case.
Ah. Thanks! Yup that would explain it.
i like when machine creators lead you to either a id_rsa or a password. that way, in practice, you can jump straight to lateral movement or priv esc if desired, especially on insane machine. its like a checkpoint.
this is a simple request from a beginner. can u add beyond root part to every video. even thought they are easy box nothing crazy to show, can u route us through the box, showing how the site is hosted, how the inside is working, what are the main points we need to check, how the box creator has done things using crons like that. thank you. i always amazed by ur knowledge
Out of the box thinking 💯
I have one simple question: which technique should we apply for exploiting the machine after lots of enumeration?
1. Breadth First Search (Horizontally Proceed) - Means First of try all thing as surface level for initial foothold
2. Depth First Search (Vertically Proceed) - Means First Take one thing and deep dive into it and then another one.
I think it depends on the situation I personally do breadth first if i see a lot of ports and if i see only 2 or 3 ports then depth first.
I go Horizontal, then exploit what I think will be the quickest first.
wait when did we start having Algorithms for hacking. Cool.
The best way is the ippsec way.
@@moretto8589 I like this. This is what I do too. Probably why I get overwhelmed when there's a lot of ports to check.
Greeting From Morocco
Mgharba everywhere
Mgharba everywhere
@@abdelhay.Wayih
hhhhh
Ipp, you have a smooth brain. No ridges or lumps, or valleys or bumps; all ideas slide right off, like a waterslide!
Practice over years makes us think like a robot.
@@NicolastheThird-h6m Smooth brain is actually good, because:
* Smooth
* No wrinkles
* Cute
* Can't think = no sad
Question: Why did you use http to transfer files from your host to victim but used nc the other way around (twice)? any specific reason or just your standard flow?
Habit - Generally speaking when doing offensive work, your target will be behind a NAT. So standing up a listener won't help much as there isn't the port forward (PAT) setup to access the webserver from the outside.
On the attacking side, you have control of the router, or are you just are on a routable IP Address, so you can stand up a webserver.
is the volume a little lower or is it just to me?
Very well could be -- Something changed my volume settings before recording this video. Think Zoom maxed out my microphone and I had to find out the right settings.
@@ippsec No worries Man, I increased the volume. We all good, it wasnt that low.
This box was a struggle for me
Push!
Se garantiu
first