To do file enumeration with the sql injection you could have used the option --common-file and pass it a wordlist then use --file-read= to read the file all with sqlmap. Great video :)
@saketsrv9068
2 years ago
Waiting for insane release, but kudos to your dedication!
@cosmicrisis5699
2 years ago
Did the box get changed after this video? The writer_web directory isn’t writable for me despite using smbclient and when I finally got in the box I saw that it wasn’t listening on port 8080 at all
@lonelyorphan9788
8 months ago
Ippsec rocks!!! 🙂
@googlebaba7510
2 years ago
Thanks for such nice content. Please try to make some videos other than CTFs so that we can learn some extra things from you. Thank you 💗
@arachn1d13
2 years ago
Does anyone know why sqlmap won't work with a UNION based technique on the login page? It seems to only work with time based blind which is a pain.
@gingerman942
2 years ago
Can we get a log4j video? Maybe you exploiting the vulnerability?
@mtech1935
2 years ago
instead of running directly john u have to use if john is installed in opt directory then do this /opt/run/john hash.txt --wordlists=/usr/share/wordlists/rockyou.txt this will load the hash file idk why but this works for me instead of running john directly
@pswalia2u
2 years ago
Great work! I have one doubt, why we are supplying absolute file path to image_url param. Like this file:// . I mean this webserver might already be running in web root, in that case relative path to file should work.
@uaman11
2 years ago
I’m on my 5th day of watching this, this is a strenuous video 🤯 but I love it
@Ms.Robot.
2 years ago
Cool. This was very dynamic. Amazing. ❤️
@AshishKumar-gn9pz
2 years ago
First like first comment love from India ippsec
@nuridincersaygili
A year ago
This is pure gold! Thank you!
@tortotifa5287
2 years ago
When you wanted to crack the hash using john, actually you were right! You needed to add a $ in front of the hash as seen on your google research
@aminhatami3928
2 years ago
Thanks for your great videos.
@johntheocharis573
2 years ago
Why are your views going down....
@darkivy7207
2 years ago
fantastic guide thank you!
@maorsabag-kraken
2 years ago
Hey ippsec! I have a suggestion if you didn't know about, you can "copy as curl" the request in burp or the network tab in firefox, then convert the curl to a python script by some online tool and you have a python script of the request you've made! :)
@loqpa2364
2 years ago
There is a copy-as-python-request extension in burp, works like magic.
@BartVerhoeven1992
2 years ago
Instead of these regex, that might be buggy in some situations, and on top of that aren't super easy to construct... Why don't you use xpath expressions to select your data from the html?
@ippsec
2 years ago
Primarily because I'm more comfortable with regex and can do it quicker.
@orxanovn5057
2 years ago
this lab is very very hard
@infosec6253
2 years ago
Got it
@oy9804
2 years ago
Great, but one video a week is not enough
@NicolastheThird-h6m
2 years ago
Bro KZitem is not his job
@damnmayneunfiltered
2 years ago
he's also mad consistent when you consider the number of videos he has to the number of retired htb boxes...plus this is the best free training by far.
@SuperSohaizai
2 years ago
Add on to that, he does not only run the box one time. He has to run it a few times, check how other people did it and include that information as well. And then there is UHC series too
Comments: 27