Формат | Размер | Скачать |
---|
Название | : | |
Продолжительность | : | |
Пользователь | : | id 819724158354 |
Дата публикации | : | ript src= |
Просмотры | : | layer\/3b96d06c\/www-embed-player.vflset\/www-embed-player.js |
Понравилось | : | 1,053 |
Не понравилось | : | 23 |
I can't run the exploit code
I get this error how can i solve it? Traceback (most recent call last): File "/home/ma/Desktop/swagshop-exploit.py", line 24, in <module> "filter": base64.b64encode(pfilter), ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/base64.py", line 58, in b64encode encoded = binascii.b2a_base64(s, newline=False) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: a bytes-like object is required, not 'str' Комментарий от : @servermadum7297 |
Ok the great course Комментарий от : @kalidsherefuddin |
Made a short video on how to spawn a shell in swagshop with unique method.. www.youtube.com/watch?v=gkzYKVCbydY&ab_channel=yaseen ...Nevertheless Ippsec is the best. Комментарий от : @yaseen7749 |
15:33 why in flower bracket? Комментарий от : @guyunknown226 |
pdb is fucking great, thanks for showing us! Комментарий от : @yusufanything |
For people who are getting :mechanize._form_controls.AmbiguityError: more than one control matching name 'login[username]' when trying to run code_exec file => Use this userone = br.find_control(name='login[username]',nr=0) userone.value = username Instead of br['login[username]'] = username Don't know why I am getting this error though..but selecting the first value seems to make it go away! Комментарий от : @aneeshverma1 |
Unable to import Mechanize. I cannot get 'pip' to work for me using python2.7. I tried to upgrade to python3 but the script only works with pip-python2 Комментарий от : @raycharles6240 |
Got popcorn, Gatorade, and listening on my bed. Nice. Комментарий от : @Ms.Robot. |
I got it to work with outer single quotes and inner double quotes so I don't think it was that. Also, I believe the demonstration you showed with the $ippsec is more so a quirk with how single quotes interpret the symbol $ more than anything else. Either way enjoyed the video, thanks for making it!! Комментарий от : @L33TTechReviewer |
my question about all your videos how did you get all the knowledge of this? I'm new and I want to be just like you Also how did you know all the next steps super fast. Sorry if I'm asking dump questions !! Комментарий от : @GuitaRHero5611 |
dogshit exploit Комментарий от : @truehonor865 |
thank you for sharing so many sources! Your videos are pure gold! Комментарий от : @WarkerAnhaltRanger |
god damn that script dont work for me even tho I follow your debugging.....I get this mechanize errors even when i put index.php/admin I also put the credentials from my created acc....I cant get it to work cuz of the mechanize thingy Комментарий от : @higswat |
my next dog i am going to call IppSec. Awesome, if i get this good be fore i retire i will die happy. Комментарий от : @JuanBotes |
SwagShop was my first box, I did it when it was live, funny to see other people do it different ways. I found the open directories to be interesting, and after digging around in the admin panel for awhile I found a way to make a product with custom parameters. I used the custom parameters to upload a file, and used that file to get remote code execution via the searchbar. after testing it with ls, and whoami, I saw that it worked and then did a reverse shell. The hardest part was definitely the enumeration, but also the most fun. Actually, I take that back, the hardest part was having to do the first couple of steps 300 times because people kept resetting the box. Комментарий от : @ev3rything533 |
The 10.10.10.140/RELEASE_NOTES.txt totally screwed me over. It says version 1.7.0.2 Комментарий от : @its-me-dj |
You sir are amazing, quality content Комментарий от : @abhinavram5223 |
You could have just added php backdoor from the file editor in magento dashboard and save it . It would save a lot of time . I did it that way Комментарий от : @ciph3r836 |
Out of curiosity - why do you use ports above 9000 for reverse shells? Комментарий от : @peterdjalaliev1 |
First, thanks for the upload and well done. Thank you for the very thorough explanation. Second, minor suggestion todo with vim-fu, not the actual exploitation itself: @21:35 "use dw to delete word" certainly works, however the faster and more precise replacement once your cursor is on the beginning "S" of the date string: c/'. followed by pasting your copied date string. Meaning, change the characters between the cursor and the next single quote (in this case the end of the string). Комментарий от : @cwlancaster979 |
Hi, super approach. I did this box a few weeks ago, and after using the Shoplift exploit you used (SQLi), there was a way to upload the shell via the shop, since connect and all other features where disallowed. I personally tried to add a shell on admin panel by uploading an image alongside a product with a .php extension, but the following blog post gave me a clear method for doing it by changing the extension to phtml, which was allowed: blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privilege-admin-rights/ EDIT: The exploit you tried to use at 33 minutes was disabled as it was not the intended way of getting a hold on the machine, as they mentioned in the forum. I b We all tried this one, and it worked only once for me, and then stopped suddenly. Really glad to see it was actually working. Комментарий от : @khalat173 |
Can someone pls tell me why Auth of this video changed some thing like '1y' in second script Комментарий от : @mallikarjunkishore4345 |
i need help with the point at nearly 30:25, where we realized that 7d is a period and it should be changed to something else. I am unable to understand how come making it 7 year did not help but 1year did... was this completely a hit and trial or i am missing on something please? Комментарий от : @corpsec6630 |
I got a shell on this box by uploading a plugin that allowed me to either upload or edit php files (can't remember which one) after using the first exploit to get an admin user. Wish I would have paid more attention about the RCE! Комментарий от : @bassman7689 |
Many thanks Комментарий от : @shreatehVlog |
I finally pwned something before you :D Комментарий от : @nikolanojic6861 |
i just subscribed :) Комментарий от : @Haruoi_uchiha |
ahh like all the easy boxes i pwned are public now... Комментарий от : @hondatech5000 |
That index.php/folders is common with MVC frameworks like Codeigniter and Laravel. It's not misconfiguration, it's a routed differently. Комментарий от : @sangamo38 |
Thank you for sharing! I missed the part where the URL should be changed to 1y. Awesome video as always Комментарий от : @tapsobaaubainpazisnewende5060 |
This was like my second box and I still had no clue what I was doing. I gave up on that second exploit and just used the frog hopper method of uploading bad php code through and image then executing it using a news template. Great write up as always, been watching your videos for a while now and I'm glad you're doing boxes I've done myself. Комментарий от : @Y3llowMustang |
Damn, I was just doing that Box. It got retired literaly while I was rooting it. Now i know why. I wanted those points Комментарий от : @MrNubix |
This was my first box, user'd and rooted. Had lots of fun haha Комментарий от : @_JS96 |
Awesome video ippsec keep it up bro! 👍🏼 Комментарий от : @deansmith2012 |
For getting the root.txt file, sudo vi /var/www/html/../../../root/root.txt should be fine Комментарий от : @msphr7426 |
Hello Ippsec ... you are doing a great job. here is my oscp journey , and of course a write up is incomplete without mentioning ippsec. medium.com/@saadibabar/my-oscp-journey-and-a-guide-for-oscp-aspirants-e7e76cf588b8 Комментарий от : @SaadiBabar |
thankyou for make this free hack the box machine videos Комментарий от : @unevalkamlesh387 |
I didn't understand the part "7d" where u changed the value in "br.open(url + 'block/tab_order/period/7d/?isAjax=true') and, thank u for sharing your knowledge :) Комментарий от : @shellbr3ak443 |
Nice info about getting a shell using vi and separate kudo for showing where you get it from! Комментарий от : @Urbancorax2 |
Could have easily rooted this box if I knew the little "index.php" thing before the path of the login panel for the exploit to work... Oh well, every day you learn something new I guess. Комментарий от : @velomeister |
Thanks bro for this video , I did try for shell but I didn't get any. Now I realised what I doing wrong on that box. Once again thank you so much..!! Комментарий от : @linuxlove1912 |
So I went a slightly different path. Once I got site admin I just went and found an IDE plugin for that version. Dropped a php reverse shell. But the php object injection is much more elegant. Комментарий от : @stephengarrison172 |
@22:45 "Port 9001 because... let go over 9000..." Love it! Lolz Комментарий от : @vonniehudson |
Wow, well done! I'm really impressed with your knowledge as well as sharing it with others, thank you! Комментарий от : @cvija997 |
I'm watching this video wearing my HackTheBox t-shirt I bought back when this box was still new :-) Комментарий от : @KLarsen00 |
I did the rce with adding file manager plugin in magento, and editing a previous php file to get code execution, also tried that python exploit but bcz of errors avoided it.But the way you debug and explained it, very informative Thanks! 😄 Комментарий от : @rtrvlogs582 |
thank you so much I've been stuck on this box for the last day. I managed admin access but couldn't quite gain root. Thank you for the video and all your help!! Комментарий от : @mattfowler6504 |
Guys don't forget his new ippsec.rocks where you cam search the entire playlists through specific keywords Комментарий от : @saketsourav1202 |
I love your videos. They are very helpful in my OSCP studies Комментарий от : @ITSecurityLabs |
Would definitely love a video on php deserialization and the attacks possible with it! Thank you for this video! Комментарий от : @_mayankr |
Is it retired? Комментарий от : @kashifamanat9510 |
Ippsec htb help box date and time exploit for helpdeskz worked fine first time and i got shell later l tried same exploit for reverse shell its not working (i mean after running python exploit hash url not found error all time i tried changing x range in exploit but nothing work)error : sry i did not find anything Комментарий от : @manojkarajada7188 |
First box i rooted. this was an awesome experience in pentesting. interesting to see a different process to it Комментарий от : @BreakTheCode115 |
Could U add the Bighead & Fjujab videos to their respective playlists please, if it's not too much trouble Комментарий от : @Rezurrektz |
Why in 2019 is little Bobby Tables STILL around? Комментарий от : @c1ph3rpunk |
This was the first box I rooted! You were my inspiration to solve it. Nice seeing your perspective now. Комментарий от : @SP-hz5tp |
third :) Комментарий от : @tonkotsu_noodles |
3rd Комментарий от : @wheeler90 |
Second 🥴 Комментарий от : @mohamedzumri4305 |
first Комментарий от : @geekgeek8453 |