37:33 Hackers forgetting to update their tools and companies forgetting to update their packages. Never thought I would have those two things in the same sentence :) Just joking, great video, really like the sqlmap debugging segment.
@time_to_play_007
1 year ago
That was powerful! Thank you!
@pepemunic3661
1 year ago
like always, thanks man
@nuridincersaygili
1 year ago
Thanks for the content! When I see the foothold exploit, I expect a python script to automize the progress :)
@NeverGiveUpYo
1 year ago
Love your content dude
@blackthorne-rose
13 days ago
After enumerating the hell outa the file system... still can't identify what HTB wants for "what is the password manager on the remote host"?
@DHIRAL2908
1 year ago
Couldn't we have just replaced the admin hash using the SQLi, and edited a PHP to get RCE?
@GajendraMahat
1 year ago
Does it work??
@0x1sac
1 year ago
That's a good idea, that technique is usually called "stacked queries". It is generally not possible to do this in a traditional SQL injection vulnerability on MySQL, as you are restricted by the context of the original query. If we could do stacked queries, it would probably have worked.
@AUBCodeII
1 year ago
Ipp, you should name a box Toy Story 4
@dadamnmayne
1 year ago
would a hardcoded nonce be considered a vulnerability?
@lonelyorphan9788
1 year ago
Ippsec rocks!!! 🙂
@kalidsherefuddin
1 year ago
Thanks
@mohamedtahahnichi2738
1 year ago
First❤
@_hackwell
1 year ago
I usually don't have much success with sqlmap so I end up doing the injection manually. What's the point of having a tool which needs you to specify the method and the injection point?
@randomnickname00
1 year ago
I mean, injection point then you need to know it anyway, even if you do it manually. About specifying the method, you don't really have to, but it's useful if you want to try for some really specific method, working on a time based injection can really be a pain for example, so you can try to search for error based injection, union, etc.
@_hackwell
1 year ago
@randomnickname00 when you provide a curl request to sqlmap, it should identify the injection point. Box creators tend to write code that fools sqlmap so one could easily miss a vulnerability relying only on the tool and that's what Ippsec showed in this video. Same goes with gobuster. I tend to use wfuzz instead
@ANTGPRO
1 year ago
Automatization it’s a point.
@_hackwell
1 year ago
@ANTGPRO yup exactly. No tool can replace a hacker 😁
@randomnickname00
1 year ago
@_hackwell Oh, you meant this, sorry, thought you were talking about the endpoint, like /vulnerable.php for example
@tg7943
1 year ago
Push!
@yuyu-ce4fz
1 year ago
Thank
@victorkuria4734
1 year ago
using a '-p' to specify a parameter will less than likely cause sqlmap to ever fail, instead of adding a * in the request..but again you seem to not have your tools updated xD
@ammarabu5mes271
5 months ago
What is the Kracken? I am kinda lost here.
@Horstlicious
3 months ago
He explained (13:18 - 13:37) that the kracken is another box on his local network he uses, because cracking hashes in a vm is slow. He probably (just my assumption!) uses a gpu there.
@sams7888
1 year ago
Next the inject machine please
@pranavarora250
1 year ago
How did you run hashcat so fast? Ik on VM it's slow but it takes ages for me to run
@magikarpslapper759
1 year ago
He's probably got it hooked up to a beefy graphics card. The difference between my CPU and my 1080 is insane.
@magikarpslapper759
1 year ago
Also I think VMs need to be configured to allow GPUs to be used. If you use a GPU with the VM, I think it can't be used for the main machine at the same time.
@gandelgerlant565
1 year ago
Exactly, you need to enable GPU pass-through to have native performance
@flrn84791
1 year ago
He obviously doesn't run it on a VM, but on a dedicated cracking machine...
@Horstlicious
3 months ago
@flrn84791 He explained (13:18 - 13:37) that the kraken is another box on his local network he uses, because cracking hashes in a vm is slow.
@boogieman97
1 year ago
Hi Ippsec, how would you do a jinja2 SSTI in an HTML email form, where length of input is max 60 characters and common characters used in a SSTI are not passing the email validation, like parentheses and square brackets, forward and back slashes. Any type of encoding / double encoding results in an internal server error.
@bmdyy
1 year ago
First
@ayushprajapati9486
1 year ago
and this was an easy machine
@Fbarrett
1 year ago
Yea sure after you watch him do it.😁
@flrn84791
1 year ago
This one actually is easy, just a bunch of CVEs and password cracking, nothing hard to it, and it fits the easy category for once.
Comments: 40