I remember one year ago I was very much a beginner at hacking and said, let's watch easy videos to start, and this video made me really sad. Now, one year after, I didn't cry watching again.
26:41 the problem was with the "-", you should have wrapped the users-permissions_user in backticks: `users-permissions_user`
Thank you!
I knew that the problem was in the dash but I didn't know how to solve it xD
A very cool and detailed analysis of this car.
Many people don't care how the exploit works, but just publish the vulnerability.
It's nice to see in the walkthrough that there is still an analysis of why the exploit worked.
I love Ippsec for that.
I still haven't figured out how to get into the >SSH command prompt (~L\ or ~C\), what to look for when you press "C".
Maybe you need to press a hotkey?
At 5:31 the html source was laid out in a “horizontal” manner
Hahaha I wish I thought of that.
1h of his content is like 4y of Computer science college
Thanks Ippsec for this new "After Exploitation inspection" section in your recent videos. Can you also do them for AD machines in the future, for a better understanding of why we can enumerate null authentication, why we can list SMB shares anonymously and stuff like that?
35:40 I have no idea how to get it to show ssh> using C. What inputs did you press? I can't get it.
In your running ssh session just copy ~C and paste it in your terminal.
Another way: you run the cat command and then paste the ~C to run a command line or ~? to get more commands.
Note: it should be the first in the line.
Just managed the user flag on this one before it's getting retired. Won't have time to try for the root flag anymore today so watching this later and learning will be fun.
Thanks for the explanation on the shell for zsh! I've seen other ways to do that, but I end up getting some weird line wrapping sometimes so I would switch to bash before setting up the listener, but I also forget to do that sometimes and have to re-establish my shell. I've learned a lot from your videos and really enjoy your approach to each box.
Feroxbuster looks neat! 👌
Hey Ipp! Another great video. A quick way to prettify the javascript source files is F+12 > debugger tab > app.js > then click the prettify button from within the developer console. You weren't imagining the button XD it's there (just not in view page source)
Thanks! That was the piece I was missing
@ippsec I was laughing when you were like: "Maybe I'm just imagining it....." 😂
videos are dope and helpful. thanks dude.
38:11 The gobuster returned "[ERROR] ... connection refused"
I have the same error too and the port forwarding is terminated.
Any idea why this happens?
The error messages in the port forwarding are like:
"channel X: open failed: connect failed: Connection refused"
"client_loop: send disconnect: Broken pipe"
The first laravel exploit does work - you could guess the log file location using the information about the location of the files mentioned in the debug output on /profiles.
What is the thought process to look for VHOST? I racked my head on this one trying to use dirbuster.
~c is not working. I cannot seem to get the port forwarding to work in any way.
When you examine the http headers for the api you missed the x-powered-by header that told you this was strapi cms. Otherwise great walkthrough as always.
47:35
Sir, you have mentioned that to reach the site I will have to add the IP to the /etc/hosts file. Directly typing the IP in the URL tab states "unable to reach the site", but after adding it to the hosts file I am able to reach it. Why does this happen?
imgur.com/a/mAtT3YN
If you curl the IP, you can see that we're getting a response but it's a redirect to horizontall.htb (which doesn't exist on the internet): the website wants us to access it via horizontall.htb.
To remedy this, we add the IP-to-hostname mapping to our local hosts file so that when we navigate to horizontall.htb in a web browser, it's locally resolved to the correct IP.
Great video as always.
Thanks ippsec 😊
How long did you take to do this box prior to recording this?
Thank you, kind sir
thanks for the content \o/
Great vid as always.
By the way, my progress stalled in HTB Academy since ffuf was not installed on the box. Can you please check the Parrot OS' basic template?
Are you talking about pwnbox? If so, I can forward this to the people that do update it.
Yes, the default pwnbox for the module doesn't have ffuf installed. Thank you for your help Ippsec.
I kinda wanna see ippsec do a room live without any prior knowledge
I used to do it with easy boxes. However now I generally help vet boxes before they get to the platform to make sure it’s enjoyable.
I really wanted to see how is it also, a black box testing
awesome video
Are these boxes free?
All boxes while active are free... Once they retire, which means writeups and videos are allowed, they remain free for 2 weeks. After that you need VIP or VIP+ to play old machines.
Before I had a VIP account, when I was just starting with hacking, I made sure to own and understand (to the best of my abilities) everything I could about each box during the two week window after retirement using walk-throughs, writeups, etc. It's a great way to learn.
@ippsec I think this should work in all shells: stty raw -echo && fg
Yep, that or semi colon both work
I have the worst luck with solving boxes that seem to get retired in succession.
I did solve this box this week, close call
Ippsec, how is your terminal so colorful? Looks so pleasing. Can you make a video on it? No kidding, actually really good.
It's just default terminal for ParrotOS.
I want to give up Kali just because of this beautiful terminal.
Seriously guys, what happened to the "easy" concept?? This is NOT an easy box.
Easy has certainly gotten tougher, but there is starting point now that replaced what the old easy was.
@ippsec Firstly, thanks a lot for your attention, and thanks for being honest about this topic. You are a hero to many of us.
I am VIP and always listen to what's going on on YouTube.
backticks are the key 🙈
I hate this machine so much, I have tried it a couple of times and get stuck nonetheless. I wanted to do it on my own, though now I will watch Ippsec's video to figure out what I did wrong.
You need to pause so we can see the screen before you execute commands, especially when you change them after an error.
First