Man you are awesome. I love the way you handle and understand things like it is nothing to you . I Wish i reach this level of professionalism.

@boogieman97

6 ай бұрын

You actually can. Ippsec reached this level by pure determination, tons of trial and error, a lot of reading, putting it into practice and most of all be curious and have the passion

@ippsec

4 ай бұрын

+1 to @boogieman97 keep in mind I’ve been doing videos weekly for 5+ years. Which isn’t a long time at all, but more frequent than the average person. If you create a plan and stick with it I’m sure you’ll be near this level

@boogieman97

4 ай бұрын

@@ippsec next to that correct me if I'm wrong, I've heard in one of your earlier videos that your carreer is far most autodidactic. Apart from that that might not be "long", it is about dedication and willingness to commit. Thats why I am highly appreciating Ippsec and of course subscribed, so if you agree folks do so as well 😃

I didnt think to try entity encoding the xml and resorted to the curl command. Nice to know about that now. My question is did we have to have all three lines in the xml? Or could it have been done with one? Great video as usual!

Cron Job Priv Esc learnt today, Great video.

Nice way of opening a shell using cron job. :)

So basically is it a vuln in the class - ClassPathXmlApplicationContext which is part of the Spring framework? And this being used by ActiveMQ made it vuln as this class loaded a crafted XML config file

its not even weekend wow love it

wow the dav method and cron are amazing

Hi Ippsec I was wondering if you could help? I am attempting this machine and I get into the activemq user initially through a meterpreter reverse tcp, then I get an interactive shell (python3 -c 'import pty;pty.spawn("/bin/bash")'. But when I try to edit the nginx.conf file with vi, the vi editor doesn't work properly and I can enter/exit insert mode or move around the text in the file with the arrow keys

Hey Ippsec thanks for the awesome video as usual. Are you planning to make videos on new HTB-Sherlocks when they’ll retire?

@ippsec

6 ай бұрын

I have not decided yet.

@yurilsaps

6 ай бұрын

@@ippsecI would appreciate a lot! Or if you know someone that you trust to make them also

Thanks for the tutorial!

❤❤❤

thumb up💯

In this box the port 2112 lists archive system of the machine with elevated privileges on the navegator

I have reset this box and gone through the same steps (i think) and there is no /root directory in /crontabs, also any file that gets uploaded doesnt have execute permissions(i changed permissions before uploading just in case). I uploaded the ssh keys just to login as root and check. Did they change the box?

Thanks ippsec ❤

Awesome ippsec!!

Thanks Ippsec

❤

Thanks

Push!

I can't find the challenge on HTB? (yes I'm looking under retired)

@ippsec

6 ай бұрын

You may have a filter on your search.

I got a 404 message not found error when I sent the file I tried send the packet without the poc xml and got a got a 200 get from server idk why

@GaelF30

6 күн бұрын

Im maybe late but i had the same problem. you have 404 because your poc-linux.xml file is on the CVE folder and your http server cant find it. just move poc-linux.xml to /home/[your account]/ i guess you started you http server on home directory like me :'(

Do you have a tutorial or can you recommend one on getting more comfortable with Vi/Vim?

Ippsec you said on a earlier podcast that you were going to start doing videos on the basic foundations of Hackthebox. Is that still in the works? Thanks.

@ippsec

6 ай бұрын

I want to, just can't get the motivation. If you look at the technique videos, I think I've started covering things just not from a foundation perspective.

@Fbarrett

6 ай бұрын

thanks@@ippsec

First .. now let me watch 😁

Nothing

I did a completely different technique for privesc using share object .so (Files), since we can modify the prefix with nginx i just needed to craft a .so files in a module directory, rename it correctly (ngx_http_echo_module.so), run with sudo ===> got error but BAM suid /usr/bin/bash -p