Wow, I really thought the admin session stealing was the intended way and Pwnkit was the unintended, the more you know! Thanks for the video!
Lots of love from a oscp dreamer boy from india......
💌
You deserve more than million subscribers 🙂❤️
Great video as always! Would recommend the tool 'q' for writing sql queries against csv-like files/output, very powerful! Nice tip with snmpbulkwalk, I just found what I wanted in the nmap sC output and stopped there. :)
O.k. at 21:16 I have no idea what you did there... "if squiggly C is the first line on your ssh prompt"??? HUH? How did you even get an ssh prompt there?
Loved so much this box
I went and uncommented "EscapeChar ~" in my ssh_config file, and restarted the ssh session... however doing the ~C sequence simply leads to a message "commandline disabled"...
yeah bro idk either
That's a really great video with a detailed explanation of the steps, thanks for this video.
But I have one question about the final step of creating the ssh connection:
why can 'sudo -l' execute after connecting over ssh, but it fails when using the php reverse shell?
Thank you.
Hey ipp, you've made quite some improvements in the way you present, especially with the font size. If you can change the font to Fira Code Semi Bold the appearance will look much nicer. Moreover, fonts like Fira Code and Comic Sans help people with dyslexia and astigmatism read more clearly and reduce their chance of getting a headache while watching your videos.
Thanks for the content, ippsec and for sharing your knowledge with the community!
The machine was pretty straightforward. Personally, I've struggled with the initial foothold, because I've skipped the UDP scan in the enumeration phase. Finding the unauthenticated exploit / blog post was the hardest part of the box imo.
Interesting! Didn't know about the unintended path via admin session stealing.
Cheers
Why did you put the "data" (id_usuario|s:5:"admin";) column in 3rd place (select 1,2,data) when sqlmap is clearly showing it's the 2nd column? Isn't it logical to follow the correct column match? I struggled with it, that's why I'm asking. After the matt login we can confirm that data is actually the 3rd column in the database; somehow sqlmap shows it in the incorrect order. Post root insights were useful for why this box was so weird.
I had the same question. If you look at sqlmap, as the information is being printed out vertically at first, it displays the columns correctly. But once they actually get printed out, sqlmap places them incorrectly. I am not sure why it happens but it could be one of those “don’t always trust automated tools”
you could try 'trial-and-error' and put the 'id_usuario|s:5:"admin";' in the first and second column you will see it gives you 'Access is not granted' .
how are you connected to pandora i cant figure out how to do this
hey ippsec, you think you could install or create something that logs all the commands you do? sometimes i like to talk about you with some of my friends and showing what commands you use can be frustrating to find. thank you
ok got my answer about ssh mode
I don't get it, can u explain? How did he get the ssh mode and which keys should I press? thx :)
you press ~ then C
@@FrancescoBellei It wasn't working for me at first. Then I entered in "ssh ~C" and pressed enter. The result was an error message: "ssh: Could not resolve hostname ~c: Name or service not known".
Immediately after that I just typed "~C" and without pressing enter, I was taken into the "ssh>" menu.
Weird and I don't know why, but it worked.
05:10 - Using nmap to scan NMAP
you mean SNMP
Love u man
thanks a lot bro
yes it is easy box :)
so... i'm doing the port forward in my initial ssh command... we'll see how this goes... lol
nice
Excuse me. I can't find the "Pandora Room". Please send me the Room ;)
yep. wonder wtheck is wrong with my escape character business..
"Easy" Box
thanks appsec you’re the best as always. is there a way to find 'id_usuario|s:5:"admin";' without sqlmap? since it is not allowed on the oscp.
When you dont have strings: grep -a -Eo '[[:print:]]{4,}' filename
First!
ayo
usuario can be Spanish or Portuguese ;)
Haiio
Thank you for this and all your videos @IppSec.
I am running into problems with the public-private key usage for the user matt.
I have followed your steps multiple times, but whenever I try (ssh -i matt matt@10.10.11.136) to ssh from my Kali machine to the Pandora machine using the private key I created, it always asks for a password.
Has anyone else run into this problem?
Any help from anyone would be greatly appreciated.
Yes, I am facing the same problem. Even reset the machine a couple of times but not sure why it's not working...
Wawoo, blacklisted....
Please make shorter videos, 1 hr is huge 😥
yes snmp ! when printer has "Access" as "50 00 41 00 53 00 53 00 57 00 4f 00 52 00 44,00,00,00"