HackTheBox - Perfection

Рет қаралды 12,664

Күн бұрын

00:00 - Introduction
00:50 - Start of nmap
02:50 - Discovering the Weighted Grade Calculator which we will exploit
04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols
07:10 - Quick bash one liner with JQ to URL Encode each line of our wordlist
09:30 - Discovering a New Line character breaks the search for Bad Characters, then getting a shell on the box
14:40 - Shell returned, looking at the source code and seeing the "Bad Character" filter was really a regex whitelist
18:50 - Discovering mail that says the password format in the database
21:50 - Using hashcat Bruteforce mode to crack the password

Пікірлер: 31

@AUBCodeII 24 күн бұрын

Babe, wake up, new IppSec video dropped

@o3tg2w35t 17 күн бұрын

I learned pen-testing largely from these videos. Three years ago, I got my first pentesting job and somehow promptly forgot all about IppSec. Until today. It's such a great feeling, to know that all my studies paid off. I can finally understand the full content of these videos! Yipee!!

@NatteeSetobol 18 күн бұрын

I didn't know you could brute force with hashcat like that. I always learn something new!!

@juandelpuerto5711 24 күн бұрын

Thanks, as always your explanations are gold!

@Ms.Robot. 23 күн бұрын

❤🎉 another sweet drop from the Wizard of the Matrix.

@bread_girl_jane 20 күн бұрын

ippsec you’re one of my heroes but the way you pronounce ubuntu kills me lmao

@StefanŁukasik-m3k 24 күн бұрын

Solid as usual

@activ3Port 24 күн бұрын

the GOAT

@kingzedge 14 күн бұрын

Aside from HTB and TryHackMe, what tools should I be playing around with on my computer in order to break into Cyber? I have a few ideas: Kali Linux, Linux GUI, Windows command prompt. What else should I download?

@InsanexBrain 12 күн бұрын

thanks! great video as always

@felixkiprop48 22 күн бұрын

Let's rock❤

@Martin-Pentest 23 күн бұрын

Hey Ippsec i have a question that i guess is unrelated to this particular video but i know your the man to ask.. so i'm trying to figure out why if i type echo "password" | md5sum the output or string is totally different to the string i would get on say md5 hash generator online? Maybe i am being stupid but i guess i won't know if i don't ask.

@ippsec 23 күн бұрын

Without a -n, echo is putting a line break in.

@Martin-Pentest 23 күн бұрын

@@ippsec Well now i feel stupid aha.. problem solved. Thanks for the reply ipp your a legend 👌

@sh22xpr 21 күн бұрын

I assume hashcat checks file each iteration instead of remembering it's content

@raphaelriera-v3b 22 күн бұрын

hey my burpsuite browser can't connect to the website

@abdirahmann 24 күн бұрын

good vid

@mohammadhosein6847 23 күн бұрын

you are so amazing

@ManuGram 24 күн бұрын

Really great content,i just wanna ask if you could do more mobile app hacking

@alanbusque6645 24 күн бұрын

Thanks

@nicollasalcantara6907 15 күн бұрын

My reverse shell is not working lol

@_Mann_Kasodariya 13 күн бұрын

can you make video about how can you have option to which search engines do waan search for it or give me name of softwer so i can to. if anyone know in chat will you help me into this 3>.

@seM1c0l0n 22 күн бұрын

ffuf supports OS commands to encode input

@tg7943 11 күн бұрын

Push!

@j0hnc0nn0r-sec 11 күн бұрын

Hard to tell he ever had a speech impediment now

@admiralbaty 24 күн бұрын

semicolon ; Colon :

@amieemaya9472 23 күн бұрын

Lulz

@Blomma761 24 күн бұрын

First

@redxroomie 24 күн бұрын

Lol

@boogieman97 18 күн бұрын

Hey Ippsec, yesterday I got a new VIP sub for HackTheBox for a year. Haven't done any of the Sherlocks earlier until today. I really liked the LockPick3 Sherlock! Have you done that one yourself already ?