Hack The Box Hacking Battlegrounds - Cyber Mayhem Gameplay with Ippsec

135,758 views

Hack The Box


Let's play Cyber Mayhem! ⚔️
Watch this awesome video by Ippsec playing #HBG, explaining anything you need to know about this new way of playing and learning via #HTB.
HBG streaming is not allowed currently, but stay tuned as cool updates are coming up! Currently, we are on Early Beta, so battles are available for VIP and VIP+ players.
Play Hacking Battlegrounds here: app.hackthebox.eu/battlegroun...
Read more info about HBG: www.hackthebox.eu/press/hacki...
HBG is here! Get Ready, Set, PWN! 🏁
00:00 - Introduction
01:43 - Logging into Battlegrounds
04:30 - Going over my current workflow/setup.
06:25 - My Start Battlegrounds script, just setting up a WWW Directory with my IP Address.
07:20 - Going over a script I use to quickly SSH into the defending castles.
08:15 - The Get Flags script, which just SSH's into machines and cats flags.
09:10 - Going over Metasploit.
10:10 - Setting up BurpSuite to only intercept traffic to the castles.
11:50 - Doing a dry run of setting up my scripts, while I wait for a queue.
13:15 - Showing my favorite incident response command, ps -aef --forest.
13:45 - Going into a process's /proc/ directory to look at its current working directory.
16:15 - Match Found! Going into the lobby and downloading an OpenVPN Key.
17:50 - Match Started, setting up the battleground script and going to each castle, then pressing: Ctrl+Shift+R
18:50 - Assigning a box to myself to notify the team I'm working a box and logging into the blue box.
19:25 - Intercepting a login request, seeing this is XML, trying XML Entity Injection.
20:50 - Grabbing the SSH Key for Olivia and logging in.
22:20 - Discovering how to patch this vulnerability and validating our patch (libxml_disable_entity_loader).
23:40 - Finding Olivia's password, running sudo and seeing there are a few GTFOBins to privesc
24:50 - Running SYSCTL to dump the root's SSH Key and logging into the box.
26:30 - Doing some light Incident Response on our box to hunt for revshells. I missed a shell here! Metasploit can be found at PID 3437...
28:40 - Starting a TCPDump and then logging into the other castles.
31:00 - Finally found the reverse shell on our box! Checking the current working directories.
32:10 - Grabbing the IP Address of the shell to look at HTTP Access Log. Still don't really see any malicious HTTP Requests.
35:50 - Incorrectly killing the process, then running TCPDump.
38:30 - Killing their shell for real this time.
39:50 - A different box got owned, finding a reverse shell.
42:00 - Tobu keeps getting a flag on another box but has no shell, doing some incident response to find out what happened.
43:00 - Checking a theory on how to access the flag (LFI with file:///etc/passwd). Then doing a bad/hacky patch to prevent the flag from being passed into the parameter.
47:00 - Doing a bad job analyzing that TCPDUMP we captured earlier with Wireshark.
51:15 - Examining the HTTP Headers to /blog, to discover an Xdebug header, checking the exploit in Metasploit.
52:49 - Doing some IR against our meterpreter session. Seeing how well it stays hidden prior to running a shell.
54:30 - Disabling Xdebug. 😎⚔️🎮🏁

Comments: 142
@leejamison5787 3 years ago
watching ippsec navigate tmux is like watching a ballet recital...so effortless :')
@thfjamal 3 years ago
I'm glad me thinking that is actually true and not just my noobish thinking. I'm just getting into all of this.
@mariolol8333 3 years ago
It's kinda depressing to see how good they are when you just started getting into hacking Edit: it's now only four months later and I understand what he is doing! Yay
@berthold9582 2 years ago
very true😢
@jamisonmartino1136 2 years ago
@@berthold9582 Hacking is no easy subject. But nobody knows everything, and you learn over time. Anyone can reach this skill level if they stick with it for long enough!
@davidbuckalew5995 2 years ago
Yeah
@vikrammalkan4695 1 year ago
Dude Same ;(
@nt6343 1 year ago
same :(
@tripzart 3 years ago
I'm nowhere at all near this level of hacking and have not done blue team stuff before but this video was excellent. Seeing how you identify shells/meterpreter processes from a defender's POV was educational and exciting and I learnt a lot from this 1h video! Thanks ippsec. I'll probably try out battlegrounds in the far future once I've learnt more
@InfiniteLogins 3 years ago
lol @ far future
@sethadkins546 3 years ago
Right there with ya. This sounds sick, though I'm only a beginner in hacking.
@HQinternet 3 years ago
when you see ippsec in your team... :D or the horror of seeing ippsec on the other team.. :S
@CM-de6pj 3 years ago
Ippsec AND MinatoTW
@ippsec 3 years ago
@Sae x . Was that the game where I submitted a flag in the final 10 seconds to take the lead? That was a fun one!
@InfiniteLogins 3 years ago
This is amazing, I feel like I'm watching an OG MLG tournament.
@Kargha 3 years ago
This was amazing to watch! Hopefully you'll be able to share more of this in the future!
@0xLegacyy 3 years ago
Thanks for all the times you carried me my dude :D
@jonathanbouchard720 3 years ago
Was very nice to watch! Keep the videos like this coming @HTB!
@the_unknown8808 3 years ago
I'm a simple man. I hear ippsec, I subscribe
@Queennyla16 3 years ago
This is amazing for intermediate learners like me...God bless you ippsec!
@user-bo2jx6xn5u 4 months ago
what a great content. I love watching ippsec do it days to days 😊
@bluegizmo1983 3 years ago
Awesome vid! I actually understood everything you did, I just wouldn't be able to remember all the commands and stuff to do it myself yet lol
@allenxd 3 years ago
This is awesome ippsec! more of this please! Thank youu!
@j.m3rk4 3 years ago
very cool man hope to see more #HBG 🔥
@RamandeepSinghethicalhacker 3 years ago
This is great. Loved it @ippsec
@F1HunterJAN1 3 years ago
What the hell...Just an XML one-liner right from under the sleeve...I'm afraid I have much to learn.
@ybygaming4229 3 years ago
lmao same here
@alexanderastardjiev9728 3 years ago
This is awesome. We need more videos like this. I really hope ippsec will continue making videos playing Mayhem
@master-ball700 3 years ago
The background music reminds me of mass effect..Cool!
@theone4808 3 years ago
Amazing content guys. Learning so much.
@markgentry8675 3 years ago
That was awesome! loved it. thanks
@vbox8 3 years ago
That was awesome. Thank you for the content.
@SilverCraft15987 3 years ago
I am recently studying blue team stuff and I am so happy that it won't be a waste T^T
@guyunknown226 3 years ago
When he did tree for forest omg that lvl of heartbeat😂
@ursr78122 3 years ago
That's insane!!! More gameplay videos with @ippsec
@davidbuckalew5995 2 years ago
I know this is a long time ago. Just started my hacking endeavors a little while ago--unless you count the stuff I did in dos and unix 30 years ago...Anyways, watched 15min of this. Damn, this guy is fast. My head started to spin.
@Tathamet 2 years ago
This is epic please continue !
@shauncollins1280 3 years ago
This sounds amazing! Very nice 👏👏👏
@deafuchihahockminhyuk5543 3 years ago
Hello why mati?
@zgredfryd 3 years ago
Holy f**k.... Man I recently started my journey with pentesting. I wanted to know how battlegrounds work and try them myself. Your video was intimidating :D Back to studying for me I guess:D. Thanks for showing me new skills. It was definitely worth my time!
@nocturne2172 1 year ago
well, the usual cycle goes like that... you study your ass just to realize you know nothing then back to study. You never stop learning, I guess that's why CS is fun.
@Gary-tp9dk 3 years ago
Great Great game and ippsec is so awesome keep the videos coming
@sharghaas7774 3 years ago
When IppSec allows the service to run but won't show the password anymore "Let's have some fun :3"
@JuanSanchez-iq3lp 3 years ago
I have no idea what I'm seeing or what's going on but being a cyber security major this is exciting.
@Morteums 3 years ago
Sick IR introduction!
@michaelgirma6161 3 years ago
Ippsec where have you been all my life
@fission1110 3 years ago
You're really good at this
@drmmr034 3 years ago
great video, thank you ippsec
@ca7986 3 years ago
Ippsec playing it! Awesome Ippsec is playing against us! Panik!!!!
@nayrest 3 years ago
It's very good! Working! Thanks.
@cy_wareye7395 3 years ago
Clicking on this with words "That's not ippsec but I will give it chance"
@0xsn1pe36 3 years ago
Epic 🔥🔥
@e-raticmercenary6550 3 years ago
Cool! This is awesome!
@eraser9812 3 years ago
You have inspired me to pick up tmux and start using it! You're a smart dude don't get me wrong, but man your tmux mastery is next level! Also watching your videos makes me realize I can't keep ignoring burp suite.....
@xternl_ 3 years ago
EPIC!! Thanks!
@_mayankr 3 years ago
this is amazing by hackthebox!
@simplepentester8476 3 years ago
this man's kung-fu is on another level
@ShabazDraee 3 years ago
the adrenaline rush...
@tfkvng3187 3 years ago
I'm a pee-wee noob in cyber, and I have no idea what he's talking about. Lol But I'm willing to learn!!👌
@rb0675 1 year ago
Great video. Understood nothing 👍 (Not because you said anything wrong but because I'm brand new to all this)
@rapid.reels0 1 year ago
IPPSEC IS ON SPEED RUN !!!!
@harshparekh9841 2 years ago
Great Video
@_DeProgrammer 3 years ago
Great video!!
@seannn4065 3 years ago
Absolute UNIT
@vonniehudson 3 years ago
This is insanely cool
@tomasofficial. 2 years ago
really fun video!
@lafamilliaHP 3 years ago
Respect from Serbia!
@phYrusMusic 3 years ago
Awesome content :)
@pwndumb2903 3 years ago
Nice video. Thx a lot
@neoXXquick 3 years ago
Nice video.. thank you ...
@bencraigs3062 3 years ago
is this good for new people to learn the basics to? also if so how do i sign up and pay the 10 just keeps asking for invite code
@zeroday5441 3 years ago
You could stream on BitChute, Dtube, DLive, BitTube or use LBRY
@Mr1willywet 3 years ago
GOAT
@flavienadjovi 3 years ago
Where should I start? Should I learn networking before I try to learn hacking? All of this is pretty confusing.
@IrfanAli-vp5mh 3 years ago
Great content
@h3ct0rjs 3 years ago
Wooow that's awesome.
@moonshadow6224 3 years ago
hey I need help I have tried to follow the different "tools" you're showing from 6:25 to 11:45 but when I run ./startbg.sh it will just say permission denied. How can I fix this pls help. ps I am a noob so explain with simple word thx
@GeekyGizmo007 3 years ago
this is next level...
@sarcophiIus 3 years ago
this is so cooooool
@gemridge2387 2 years ago
What type of laptop should I buy for this type of work?
@ggok1876 3 years ago
that's really cool man, but I have a question, why do you write script with bash and not python, is it because it is guaranteed that the other machine will understand it? Or is there another reason?
@ippsec 3 years ago
It’s just easier to do in bash. If I did it in python I’d probably be doing os.system() anyways.
@ggok1876 3 years ago
@@ippsec yeah right, thanks man
@hoodietramp 1 year ago
ippsec is 💗
@judepaul5383 3 years ago
@Ippsec 😍
@ianberdahl108 3 years ago
Still learning so I'm not to this point of hacking. I do use htb, otw, thm sites that I use to learn. Would anyone have any suggestions on anything else? I'm a quick learner and any input would be great on steps perhaps you took in learning or tools. Any help is appreciated.
@julessbader1435 3 years ago
If you want to learn web app security, try this : portswigger.net/web-security
@Reelix 3 years ago
Watch all of IppSec's "Easy" videos - Makes a great tutorial series :)
@HairEEck 3 years ago
What's otw?
@armandkruger911 3 years ago
How about creating a bash script to kill all www-data sessions that have a valid "/bin/bash" or "pts/" and run it as a cron job every 5 seconds to kill the PID
@ayeansh 2 years ago
He's so FAST ZAMMN
@mohameai5997 3 years ago
this is epic
@thechumbinator3070 1 year ago
This is why they invented kali purple.
@pi8tol 3 years ago
i watch it !!
@Sam-vs2vw 1 year ago
i have absolutely ZERO coding/hacking experience so this video looks like a sci fi movie lol.
@manixcraft7259 3 years ago
When you thought you were a hacker then watched this and realized you don't understand anything :'(
@AreYouAMazed 3 years ago
🙌 ITS NEVER TOO LATE
@GeekyGizmo007 3 years ago
that's how I felt. I almost quit my entire career track from imposter syndrome.
@NothingButFactsToday 2 years ago
can someone assist me setting this up on a MacBook Pro? I'm buying a Thinkpad in like 2 weeks.
@Rene4591 3 years ago
dude so cool
@mysteryhogs2028 3 years ago
LOOOOOOOOOOOOOOOOOOOOOOOOOOOL
@ScottyNova 4 months ago
IppSec Is God lol
@PhotoSlash 3 years ago
yo where the hell does he learn all this stuff? like he even knows some 3rd party tools useful for some specific tasks, wtf how do you find them
@d4rckh122 3 years ago
based game
@Morteums 3 years ago
WTF!? Are you santa from Mr Robot season 4 ep 4 @ippsec ?
@yuvi_white_hat1942 3 years ago
Wow... Interesting.. To watch... Live attack and defend.😂😂😂 "" If hacking is an art IPPSEC is a picasa."".😍😍
@deafuchihahockminhyuk5543 3 years ago
Hello?
@ayushsinghal6092 3 years ago
Please help me out my nmap is showing host seems down
@R4T_ 3 years ago
lol, use -Pn to skip host discovery , probably a windows PC that drops icmp pings
@ayushsinghal6092 3 years ago
@@R4T_ i have tried that... But it not worked
@R4T_ 3 years ago
@@ayushsinghal6092 what is your discord?
@xvsghshsgsgdhdhy5862 3 years ago
This guy could hack the NSA from his Nintendo switch while sitting on the toilet.
@sharghaas7774 3 years ago
Is it legal to share so much knowledge in 1 video.
@jkazoba 2 years ago
Hmm “let’s see”
@hackersworld2974 3 years ago
How to scroll In tmux?
@gebran5 3 years ago
Ctrl+b and [ then scroll mouse or page up and down
@enesozdemir9973 3 years ago
setw -g mode-keys vi with this in your .tmux.conf you can page up and down with ctrl + f/ctrl +b
@cimihan4816 3 years ago
@@enesozdemir9973 what about copying text into clipboard?
@Ms.Robot. 3 years ago
I have subscribed to your patreon. I would love to access to your drive. I have sent my info to you.
@Reelix 3 years ago
Defenders shouldn't just kill shells Ipp: kill -9 {shell PID}
@ippsec 3 years ago
To be fair, I didn't just kill a shell. I put in a fix then killed it. I feel that is completely different.
@islamimujahid3943 3 years ago
dude why those scripts
@spaff_hazz 3 years ago
I'm so blown
@sithlord7264 3 years ago
Is this free? Just to learn how to hack I hack the box to get invited. :)
@berthold9582 2 years ago
This is not at my level
@texastitan6567 3 years ago
Does this ego guy have KZfaq?
@malikkkk2679 3 years ago
he has a twitter account twitter.com/whortonmr
@deafuchihahockminhyuk5543 3 years ago
Hello?
@deafuchihahockminhyuk5543 3 years ago
@@malikkkk2679 hello?
@malikkkk2679 3 years ago
@@deafuchihahockminhyuk5543 ?