Главная страница
Конфиденциальность
Информация для авторов
Наши контакты

СМОТРИ ОНЛАЙН ФИЛЬМЫ И СЕРИАЛЫ ОБНОВЛЕНО СЕГОДНЯ

 





Формат Размер Скачать

Информация о видео


Название :  
Продолжительность :  
Пользователь :  id 819724158354
Дата публикации :   ript src=
Просмотры :   layer\/3b96d06c\/www-embed-player.vflset\/www-embed-player.js
Понравилось :   1,053
Не понравилось :   23


Кадры из видео




Комментарии к видео



@servermadum7297
I can't run the exploit code
I get this error
how can i solve it?
Traceback (most recent call last):
File "/home/ma/Desktop/swagshop-exploit.py", line 24, in <module>
"filter": base64.b64encode(pfilter),
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/base64.py", line 58, in b64encode
encoded = binascii.b2a_base64(s, newline=False)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: a bytes-like object is required, not 'str'

Комментарий от : @servermadum7297


@kalidsherefuddin
Ok the great course
Комментарий от : @kalidsherefuddin


@yaseen7749
Made a short video on how to spawn a shell in swagshop with unique method.. www.youtube.com/watch?v=gkzYKVCbydY&ab_channel=yaseen ...Nevertheless Ippsec is the best.
Комментарий от : @yaseen7749


@guyunknown226
15:33 why in flower bracket?
Комментарий от : @guyunknown226


@yusufanything
pdb is fucking great, thanks for showing us!
Комментарий от : @yusufanything


@aneeshverma1
For people who are getting :mechanize._form_controls.AmbiguityError: more than one control matching name 'login[username]' when trying to run code_exec file => Use this

userone = br.find_control(name='login[username]',nr=0)
userone.value = username

Instead of
br['login[username]'] = username

Don't know why I am getting this error though..but selecting the first value seems to make it go away!

Комментарий от : @aneeshverma1


@raycharles6240
Unable to import Mechanize. I cannot get 'pip' to work for me using python2.7. I tried to upgrade to python3 but the script only works with pip-python2
Комментарий от : @raycharles6240


@Ms.Robot.
Got popcorn, Gatorade, and listening on my bed. Nice.
Комментарий от : @Ms.Robot.


@L33TTechReviewer
I got it to work with outer single quotes and inner double quotes so I don't think it was that. Also, I believe the demonstration you showed with the $ippsec is more so a quirk with how single quotes interpret the symbol $ more than anything else. Either way enjoyed the video, thanks for making it!!
Комментарий от : @L33TTechReviewer


@GuitaRHero5611
my question about all your videos how did you get all the knowledge of this? I'm new and I want to be just like you Also how did you know all the next steps super fast. Sorry if I'm asking dump questions !!
Комментарий от : @GuitaRHero5611


@truehonor865
dogshit exploit
Комментарий от : @truehonor865


@WarkerAnhaltRanger
thank you for sharing so many sources! Your videos are pure gold!
Комментарий от : @WarkerAnhaltRanger


@higswat
god damn that script dont work for me even tho I follow your debugging.....I get this mechanize errors even when i put index.php/admin I also put the credentials from my created acc....I cant get it to work cuz of the mechanize thingy
Комментарий от : @higswat


@JuanBotes
my next dog i am going to call IppSec. Awesome, if i get this good be fore i retire i will die happy.
Комментарий от : @JuanBotes


@ev3rything533
SwagShop was my first box, I did it when it was live, funny to see other people do it different ways. I found the open directories to be interesting, and after digging around in the admin panel for awhile I found a way to make a product with custom parameters. I used the custom parameters to upload a file, and used that file to get remote code execution via the searchbar. after testing it with ls, and whoami, I saw that it worked and then did a reverse shell. The hardest part was definitely the enumeration, but also the most fun. Actually, I take that back, the hardest part was having to do the first couple of steps 300 times because people kept resetting the box.
Комментарий от : @ev3rything533


@its-me-dj
The 10.10.10.140/RELEASE_NOTES.txt totally screwed me over. It says version 1.7.0.2
Комментарий от : @its-me-dj


@abhinavram5223
You sir are amazing, quality content
Комментарий от : @abhinavram5223


@ciph3r836
You could have just added php backdoor from the file editor in magento dashboard and save it . It would save a lot of time . I did it that way
Комментарий от : @ciph3r836


@peterdjalaliev1
Out of curiosity - why do you use ports above 9000 for reverse shells?
Комментарий от : @peterdjalaliev1


@cwlancaster979
First, thanks for the upload and well done. Thank you for the very thorough explanation.
Second, minor suggestion todo with vim-fu, not the actual exploitation itself:
@21:35 "use dw to delete word" certainly works, however the faster and more precise replacement once your cursor is on the beginning "S" of the date string: c/'. followed by pasting your copied date string.
Meaning, change the characters between the cursor and the next single quote (in this case the end of the string).

Комментарий от : @cwlancaster979


@khalat173
Hi, super approach.
I did this box a few weeks ago, and after using the Shoplift exploit you used (SQLi), there was a way to upload the shell via the shop, since connect and all other features where disallowed.

I personally tried to add a shell on admin panel by uploading an image alongside a product with a .php extension, but the following blog post gave me a clear method for doing it by changing the extension to phtml, which was allowed:

blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privilege-admin-rights/

EDIT: The exploit you tried to use at 33 minutes was disabled as it was not the intended way of getting a hold on the machine, as they mentioned in the forum. I b
We all tried this one, and it worked only once for me, and then stopped suddenly. Really glad to see it was actually working.

Комментарий от : @khalat173


@mallikarjunkishore4345
Can someone pls tell me why Auth of this video changed some thing like '1y' in second script
Комментарий от : @mallikarjunkishore4345


@corpsec6630
i need help with the point at nearly 30:25, where we realized that 7d is a period and it should be changed to something else. I am unable to understand how come making it 7 year did not help but 1year did... was this completely a hit and trial or i am missing on something please?
Комментарий от : @corpsec6630


@bassman7689
I got a shell on this box by uploading a plugin that allowed me to either upload or edit php files (can't remember which one) after using the first exploit to get an admin user. Wish I would have paid more attention about the RCE!
Комментарий от : @bassman7689


@shreatehVlog
Many thanks
Комментарий от : @shreatehVlog


@nikolanojic6861
I finally pwned something before you :D
Комментарий от : @nikolanojic6861


@Haruoi_uchiha
i just subscribed :)
Комментарий от : @Haruoi_uchiha


@hondatech5000
ahh like all the easy boxes i pwned are public now...
Комментарий от : @hondatech5000


@sangamo38
That index.php/folders is common with MVC frameworks like Codeigniter and Laravel. It's not misconfiguration, it's a routed differently.
Комментарий от : @sangamo38


@tapsobaaubainpazisnewende5060
Thank you for sharing! I missed the part where the URL should be changed to 1y.

Awesome video as always

Комментарий от : @tapsobaaubainpazisnewende5060


@Y3llowMustang
This was like my second box and I still had no clue what I was doing. I gave up on that second exploit and just used the frog hopper method of uploading bad php code through and image then executing it using a news template. Great write up as always, been watching your videos for a while now and I'm glad you're doing boxes I've done myself.
Комментарий от : @Y3llowMustang


@MrNubix
Damn, I was just doing that Box. It got retired literaly while I was rooting it. Now i know why. I wanted those points
Комментарий от : @MrNubix


@_JS96
This was my first box, user'd and rooted. Had lots of fun haha
Комментарий от : @_JS96


@deansmith2012
Awesome video ippsec keep it up bro! 👍🏼
Комментарий от : @deansmith2012


@msphr7426
For getting the root.txt file, sudo vi /var/www/html/../../../root/root.txt should be fine
Комментарий от : @msphr7426


@SaadiBabar
Hello Ippsec ... you are doing a great job.
here is my oscp journey , and of course a write up is incomplete without mentioning ippsec.
medium.com/@saadibabar/my-oscp-journey-and-a-guide-for-oscp-aspirants-e7e76cf588b8

Комментарий от : @SaadiBabar


@unevalkamlesh387
thankyou for make this free hack the box machine videos
Комментарий от : @unevalkamlesh387


@shellbr3ak443
I didn't understand the part "7d" where u changed the value in "br.open(url + 'block/tab_order/period/7d/?isAjax=true')
and, thank u for sharing your knowledge :)

Комментарий от : @shellbr3ak443


@Urbancorax2
Nice info about getting a shell using vi and separate kudo for showing where you get it from!
Комментарий от : @Urbancorax2


@velomeister
Could have easily rooted this box if I knew the little "index.php" thing before the path of the login panel for the exploit to work... Oh well, every day you learn something new I guess.
Комментарий от : @velomeister


@linuxlove1912
Thanks bro for this video , I did try for shell but I didn't get any. Now I realised what I doing wrong on that box. Once again thank you so much..!!
Комментарий от : @linuxlove1912


@stephengarrison172
So I went a slightly different path. Once I got site admin I just went and found an IDE plugin for that version.
Dropped a php reverse shell.
But the php object injection is much more elegant.

Комментарий от : @stephengarrison172


@vonniehudson
@22:45 "Port 9001 because... let go over 9000..." Love it! Lolz
Комментарий от : @vonniehudson


@cvija997
Wow, well done! I'm really impressed with your knowledge as well as sharing it with others, thank you!
Комментарий от : @cvija997


@KLarsen00
I'm watching this video wearing my HackTheBox t-shirt I bought back when this box was still new :-)
Комментарий от : @KLarsen00


@rtrvlogs582
I did the rce with adding file manager plugin in magento, and editing a previous php file to get code execution, also tried that python exploit but bcz of errors avoided it.But the way you debug and explained it, very informative
Thanks! 😄

Комментарий от : @rtrvlogs582


@mattfowler6504
thank you so much I've been stuck on this box for the last day. I managed admin access but couldn't quite gain root. Thank you for the video and all your help!!
Комментарий от : @mattfowler6504


@saketsourav1202
Guys don't forget his new ippsec.rocks where you cam search the entire playlists through specific keywords
Комментарий от : @saketsourav1202


@ITSecurityLabs
I love your videos. They are very helpful in my OSCP studies
Комментарий от : @ITSecurityLabs


@_mayankr
Would definitely love a video on php deserialization and the attacks possible with it! Thank you for this video!
Комментарий от : @_mayankr


@kashifamanat9510
Is it retired?
Комментарий от : @kashifamanat9510


@manojkarajada7188
Ippsec htb help box date and time exploit for helpdeskz worked fine first time and i got shell later l tried same exploit for reverse shell its not working (i mean after running python exploit hash url not found error all time i tried changing x range in exploit but nothing work)error : sry i did not find anything
Комментарий от : @manojkarajada7188


@BreakTheCode115
First box i rooted. this was an awesome experience in pentesting. interesting to see a different process to it
Комментарий от : @BreakTheCode115


@Rezurrektz
Could U add the Bighead & Fjujab videos to their respective playlists please, if it's not too much trouble
Комментарий от : @Rezurrektz


@c1ph3rpunk
Why in 2019 is little Bobby Tables STILL around?
Комментарий от : @c1ph3rpunk


@SP-hz5tp
This was the first box I rooted! You were my inspiration to solve it. Nice seeing your perspective now.
Комментарий от : @SP-hz5tp


@tonkotsu_noodles
third :)
Комментарий от : @tonkotsu_noodles


@wheeler90
3rd
Комментарий от : @wheeler90


@mohamedzumri4305
Second 🥴
Комментарий от : @mohamedzumri4305


@geekgeek8453
first
Комментарий от : @geekgeek8453



Похожие на видео