Hack The Box Hacking Battlegrounds - Cyber Mayhem Gameplay with Ippsec
Ойындар
Let's play Cyber Mayhem! ⚔️
Watch this awesome video by Ippsec playing #HBG, explaining anything you need to know about this new way of playing and learning via #HTB.
HBG streaming is not allowed currently, but stay tuned as cool updates are coming up! Currently, we are on Early Beta, so battles are available for VIP and VIP+ players.
Play Hacking Battlegrounds here: app.hackthebox.eu/battlegroun...
Read more info about HBG: www.hackthebox.eu/press/hacki...
HBG is here! Get Ready, Set, PWN! 🏁
00:00 - Introduction
01:43 - Logging into Battlegrounds
04:30 - Going over my current workflow/setup.
06:25 - My Start Battlegrounds script, just setting up a WWW Directory with my IP Address.
07:20 - Going over a script I use to quickly SSH into the defending castles.
08:15 - The Get Flags script, which just SSH's into machines and cats flags.
09:10 - Going over Metasploit.
10:10 - Setting up BurpSuite to only intercept traffic to the castles.
11:50 - Doing a dry run of setting up my scripts, while I wait for a queue.
13:15 - Showing my favorite incident response command, ps -aef --forest.
13:45 - Going into a processes /proc/ directory to look at their current working directory.
16:15 - Match Found! Going into the lobby and downloading an OpenVPN Key.
17:50 - Match Started, setting up the battleground script and going to each castle, then pressing: Ctrl+Shift+R
18:50 - Assigning a box to myself to notify the team I'm working a box and logging into the blue box.
19:25 - Intercepting a login request, seeing this is XML, trying XML Entity Injection.
20:50 - Grabbing the SSH Key for Olivia and logging in.
22:20 - Discovering how to patch this vulnerability and validating our patch (libxml_disable_entity_loader).
23:40 - Finding Olivia's password, running sudo and seeing there are a few GTFOBins to privesc
24:50 - Running SYSCTL to dump the root's SSH Key and logging into the box.
26:30 - Doing some light Incident Response on our box to hunt for revshells. I missed a shell here! Metasploit can be found at PID 3437...
28:40 - Starting a TCPDump and then logging into the other castles.
31:00 - Finally found the reverse shell! on our box. Checking the current working directories
32:10 - Grabbing the IP Address of the shell to look at HTTP Access Log. Still don't really see any malicious HTTP Requests.
35:50 - Incorrectly killing the process, then running TCPDump.
38:30 - Killing their shell for real this time.
39:50 - A different box got owned, finding a reverse shell.
42:00 - Tobu keeps getting a flag on another box but has no shell, doing some incident response to find out what happened.
43:00 - Checking a theory on how to access the flag (LFI with file:///etc/passwd). Then doing a bad/hacky patch to prevent the flag from being passed into the parameter.
47:00 - Doing a bad job analyzing that TCPDUMP we captured earlier with Wireshark.
51:15 - Examining the HTTP Headers to /blog, to discover an Xdebug header, checking the exploit in Metasploit.
52:49 - Doing some IR against our meterpreter session. Seeing how well it stays hidden prior to running a shell.
54:30 - Disabling Xdebug. 😎⚔️🎮🏁
Пікірлер: 142
Its kinda depressing to see how good they are when you just started getting into hacking Edit: its now only four months later and i understand what he is doing! Yay
@berthold9582
2 жыл бұрын
very true😢
@jamisonmartino1136
2 жыл бұрын
@@berthold9582 Hacking is no easy subject. But nobody knows everything, and you learn over time. Anyone can reach this skill level if they stick with it for long enough!
@davidbuckalew5995
2 жыл бұрын
Yeah
@vikrammalkan4695
Жыл бұрын
Dude Same ;(
@nt6343
Жыл бұрын
same :(
watching ippsec navigate tmux is like watching a ballet recital...so effortless :')
@thfjamal
3 жыл бұрын
I'm glad me thinking that is actually true and not just my noobish thinking. I'm just getting into all of this.
when you see ippsec in your team... :D or the horror of seeing ippsec on the other team.. :S
@CM-de6pj
3 жыл бұрын
Ippsec AND MinatoTW
@ippsec
3 жыл бұрын
@Sae x . Was that the game where I submitted a flag in the final 10 seconds to take the lead? That was a fun one!
I'm nowhere at all near this level of hacking and have not done blue team stuff before but this video was excellent. Seeing how you identify shells/meterpreter processes from a defender's POV was educational and exciting and I learnt alot from this 1h video! Thanks ippsec. I'll probably try out battlegrounds in the far future once I've learnt more
@InfiniteLogins
3 жыл бұрын
lol @ far future
@sethadkins546
3 жыл бұрын
Right there with ya. This sounds sick, though I'm only a beginner in hacking.
This is amazing, I feel like I'm watching an OG MLG tournament.
This was amazing to watch! Hopefully you'll be able to share more of this in the future!
This is amazing for intermediate learners like me...God bless you ippsec!
Was very nice to watch! Keep the videos like this coming @HTB!
im a simple man. I hear ippsec, I subscribe
what a great content. I love watching ippsec do it days to days 😊
Awesome vid! I actually understood everything you did, I just wouldn't be able to remember all the commands and stuff to do it myself yet lol
This is awesome ippsec! more of this please! Thank youu!
This is awesome. We need more videos like this. I really hope ippsec will continue making videos playing Mayhem
This is great. Loved it @ippsec
That was awesome! loved it. thanks
The background music reminds me of mass effect..Cool!
Thanks for all the times you carried me my dude :D
Amazing content guys. Learning so much.
I am recently studying blue team stuff and I am so happy that it won't be a waste T^T
That was awesome. Thank you for the content.
very cool man hope to see more #HBG 🔥
I know this is a long time ago. Just started my hacking endeavors a little while ago--unless you count the stuff I did in dos and unix 30 years ago...Anyways, watched 15min of this. Damn, this guy is fast. My head started to spin.
That's insane!!! More gameplay videos with @ippsec
This is epic please continue !
I have no idea what imp seeing or what's going on but being a cyber security major this is exciting.
What the hell...Just an XML one-liner right from under the sleeve...I'm afraid I have much to learn.
@ybygaming4229
3 жыл бұрын
lmao same here
Holy f**k.... Man I recently started my journey with pentesting. I wanted to know how battlegrounds work and try them myself. Your video was intimidating :D Back to studying for me I guess:D. Thank's for showing me new skills. It was definitely worth my time!
@nocturne2172
Жыл бұрын
well, the usual cycle goes like that... you study your ass just to realize you know nothing then back to study. You never stop learning, i guesss thats why CS is fun.
great video, thank you ippsec
When he did tree for forest omg that lvl of heartbeat😂
Great Great game and ippsec is so awesome keep the videos coming
Its very good! Working! Thanks.
EPIC!! Thanks!
This sounds amazing! Very nice 👏👏👏
@deafuchihahockminhyuk5543
3 жыл бұрын
Hello why mati?
When IppSec allows the service to run but won't show the password anymore "Let's have some fun :3"
You're really good at this
Sick IR introduction!
You have inspired me to pick up tmux and start using it! You're a smart dude don't get me wrong, but man your tmux mastery is next level! Also watching your videos makes me realize I cant keep ignoring burp suite.....
Epic 🔥🔥
Cool! This is awesome!
Ippsec where have you been all my life
Clicking on this with words"Thats not ippsec but i will give it chance"
Ippsec playing it! Awesome Ippsec is playing against us! Panik!!!!
this is amazing by hackthebox!
I'm a pee-wee noob in cyber, and I have no idea what he's talking about. Lol But I'm willing to learn!!👌
Nice video.. thank you ...
Nice video. Thx a lot
this man's kung-fu is on another level
Absolute UNIT
This is insanely cool
Great video!!
i have absolutely ZERO coding/hacking experience so this video looks like a sci fi movie lol.
Great video. Understood nothing 👍 (Not because you said anything wrong but because I'm brand new to all this)
You could stream on BitChute, Dtube, DLive, BitTube or use LBRY
Great Video
really fun video!
Wooow that's awesome.
this is next level...
the adrenaline rush...
Awesome content :)
Great content
is this good for new people to learn the basics to? also if so how do i sign up and pay the 10 just keeps asking for invite code
this is so cooooool
GOAT
Respect from Serbia!
IPPSEC IS ON SPEED RUN !!!!
@Ippsec 😍
this is epic
that's really cool man, but I have a question, why do you write script with bash and not python, is it because it is guaranteed that the other machine will understand it ? , or is there another reason ?
@ippsec
3 жыл бұрын
It’s just easier to do in bash. If I did it in python I’d probably be doing os.system() anyways.
@ggok1876
3 жыл бұрын
@@ippsec yeah right, thanks man
What type of laptop should I buy for this type of work?
Where should i start?Should i learn networking before i try to learn hacking? All of this is pretty confusing.
i watch it !!
hey I need help I have tryed to follow the diffrent "tools" your showing from 6:25 to 11:45 but when I run ./startbg.sh it will just say permission denied. How can I fic this pls help. ps I am a noob so explan with simple word thx
dude so cool
ippsec is 💗
He's so FAST ZAMMN
This is why they invented kali purple.
Still learning so I'm not to this point of hacking. I do use htb, otw, thm sites that I use to learn. Would anyone have any suggestions on anything else? I'm a quick learner and any input would be great on steps perhaps you took in learning or tools. Any help is appreciated.
@julessbader1435
3 жыл бұрын
If you want to learn web app security, try this : portswigger.net/web-security
@Reelix
3 жыл бұрын
Watch all of IppSecs "Easy" videos - Makes a great tutorial series :)
@HairEEck
3 жыл бұрын
What's otw?
When you thought you were a hacker then watched this and realized you don't understand anything :'(
@AreYouAMazed
3 жыл бұрын
🙌 ITS NEVER TOO LATE
@GeekyGizmo007
3 жыл бұрын
that's how I felt. I almost quit my entire career track from imposter syndrome.
How about creating a bash script to kill all www-data sessions that have a valid "/bin/bash" or "pts/" and run it as a cron job every 5 seconds to kill the PID
LOOOOOOOOOOOOOOOOOOOOOOOOOOOL
based game
Wow... Intresting.. To watch... Live attack and defend.😂😂😂 "" If hacking is an art IPPSEC is a picasa."".😍😍
@deafuchihahockminhyuk5543
3 жыл бұрын
Hello?
IppSec Is God lol
can someone assist me setting this up on a MacBook Pro? Im buying a Thinkpad in like 2 weeks.
WTF!? Are you santa from Mr Robot season 4 ep 4 @ippsec ?
yo where the hell does he learn all this stuff? like he even knows some 3rd party tools useful for some specific tasks, wtf how do you find them
This guy could hack the NSA from his Nintendo switch while sitting on the toilet.
Is it legal to share so much knowledge in 1 video.
Defenders shouldn't just kill shells Ipp: kill -9 {shell PID}
@ippsec
3 жыл бұрын
To be fair, I didn't just kill a shell. I put in a fix then killed it. I feel that is completely different.
I have subscribed to your patreon. I would love to access to your drive. I have sent my info to you.
Hmm “let’s see”
Please help me out my nmap is showing host seems down
@R4T_
3 жыл бұрын
lol, use -Pn to skip host discovery , probably a windows PC that drops icmp pings
@ayushsinghal6092
3 жыл бұрын
@@R4T_ i have tried that... But it not worked
@R4T_
3 жыл бұрын
@@ayushsinghal6092 what is your discord?
im so blown
How to scroll In tmux?
@gebran5
3 жыл бұрын
Crtl+b and [ then sroll mouse or page up and down
@enesozdemir9973
3 жыл бұрын
setw -g mode-keys vi with this in your .tmux.conf you can page up and down with ctrl + f/ctrl +b
@cimihan4816
3 жыл бұрын
@@enesozdemir9973 what about copying text into clipboard?
dude why thos scripts
Is this free? Just to learn how to hack I hack the box to get invited. :)
Does this ego guy have KZread?
@malikkkk2679
3 жыл бұрын
he has a twitter account twitter.com/whortonmr
@deafuchihahockminhyuk5543
3 жыл бұрын
Hello?
@deafuchihahockminhyuk5543
3 жыл бұрын
@@malikkkk2679 hello?
@malikkkk2679
3 жыл бұрын
@@deafuchihahockminhyuk5543 ?
Sa se n'es pas a mon niveau