HackTheBox - Horizontall

00:00 - Intro
00:57 - Start of nmap, examining the page and discovering it's all static with no user input
05:20 - Examining the source code of the website
06:20 - Running the JavaScript through a beautifier so we can easily read it, and finding another web endpoint
12:00 - Navigating to /admin brings us to a STRAPI login, searching for exploits and finding an RCE
13:50 - Lightly reading the exploit script, we will go more in depth at the end of this video
15:15 - Getting a reverse shell
17:30 - Reverse shell returned, looking for how the webapp talks to the database
18:50 - Explaining why this nginx server uses proxy_pass and has a node app listening on port 1337
21:20 - Dropping an SSH Key and using SSH to access this box, no privilege escalation yet just wanted a better shell
25:20 - Having a lot of trouble with getting data out of the MySQL Database, not exactly sure what went wrong here.
32:20 - Going over the LinPEAS Output and discovering port 8000 running laravel
33:50 - Going over why we can't see processes from other users
35:30 - Using SSH to tunnel port 8000 to our box, allowing us to access laravel, finding out laravel is in debug mode
37:52 - Finding an exploit and executing code as laravel.
41:08 - First script didn't work, looking to see if there are others. This one didn't require absolute paths, which allows it to work! Getting root
42:30 - Looks like there's some bad characters with our reverse shell, switching to a web cradle and getting root
46:00 - Explaining why this box isn't the box I wanted to show off FeroxBuster (Recursive Searching on API wouldn't work)
48:40 - Looking at the STRAPI Exploit and showing how the patch worked
56:50 - Comparing PHP Exploits
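A constructed illustration (not the box's real configuration and not from the video) of the layout explained at 18:50: nginx answers on the public interface and hands requests to the Node/Strapi process with proxy_pass, while that process binds only to 127.0.0.1:1337, which is why port 1337 never shows up in an external scan. The /admin block is an added hardening example; the hostname, upstream address and allowed network are assumptions.

```nginx
# Constructed example of the reverse-proxy pattern described at 18:50.
# The Node/Strapi app listens on the loopback interface only, so it is
# reachable exclusively through this proxy (or from a shell on the host).
server {
    listen 80;
    server_name example.htb;              # assumed hostname

    # Defensive addition: keep the Strapi admin panel off the public internet.
    # This only limits who can reach the login page; the vulnerable Strapi
    # version found in the video still has to be upgraded.
    location /admin {
        allow 192.0.2.0/24;               # assumed management network
        deny  all;
        proxy_pass http://127.0.0.1:1337;
    }

    # Everything else, including the API the front-end JavaScript calls,
    # goes to the Node process on the loopback interface.
    location / {
        proxy_pass http://127.0.0.1:1337;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```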
Comments

Author

I remember one year ago I was a beginner at hacking and said, let's watch easy videos to start, and this video made me really sad. Now, one year later, I didn't cry watching it again.

yurilsaps
Author

26:41 the problem was with the "-", you should have wrapped the users-permissions_user in backticks: `users-permissions_user`

bidkonic
Author

Thanks Ippsec for this new "After Exploitation inspection" section in your recent videos. Can you also do them for AD machines in the future for a better understanding of why we can enumerate null authentication, why we can list SMB shares anonymously and stuff like that?

dhaneshsivasamy
Author

35:40 I have no idea how to get it to show ssh> using C. What inputs did you press? I can't get it.

cadesummers
Author

A very cool and detailed analysis of this car.
Many people don't care how the exploit works, but just publish the vulnerability.
It's nice to see in the walkthrough that there is still an analysis of why the exploit worked.
I love ipsec for that.
I still haven't figured out how to get into the >SSH command prompt (~L\ or ~C\), what to look for when you press "C".
Maybe you need to press a hotkey?

Giperium
Author

1h of his content is like 4y of Computer science college

meudta
Author

At 5:31 the html source was laid out in a “horizontal” manner

readysetexploit
Author

Thanks for the explanation on the shell for zsh! I've seen other ways to do that, but I end up getting some weird line wrapping sometimes so I would switch to bash before setting up the listener, but I also forget to do that sometimes and have to re-establish my shell. I've learned a lot from your videos and really enjoy your approach to each box.

ghsinfosec
Author

Just managed the user flag on this one before it gets retired. Won't have time to try for the root flag anymore today, so watching this later and learning will be fun.

nils
Author

videos are dope and helpful. thanks dude.

jonxslays
Author

The first laravel exploit does work - you could guess the log file location using the information about the location of the files mentioned in the debug output on /profiles.

asib
Author

Hey Ipp! Another great video. A quick way to prettify the JavaScript source files is F12 > debugger tab > app.js > then click the prettify button from within the developer console. You weren't imagining the button XD, it's there (just not in view page source).

DJ-rrcj
Author

When you examine the http headers for the api you missed the x-powered-by header that told you this was strapi cms. Otherwise great walkthrough as always.

spfy
Author

What is the thought process to look for VHOST? I wracked my head on this one trying to use dirbuster.

ellerionsnow
Author

How long did you take to do this box prior to recording this?

danilopc
Author

38:11 The gobuster returned "[ERROR] ... connection refused"

I have the same error too and the port forwarding is terminated.
Any idea why does this happen?

The error messages in the port forwarding are like:
"channel X: open failed: connect failed: Connection refused"
"client_loop: send disconnect: Broken pipe"

rayyue
Author

~c is not working. I cannot seem to get the port forwarding to work in any way.

shedelbrecherinc.
Author

Sir, you have mentioned that to reach the site I will have to add the IP to the /etc/hosts file. Directly typing the IP in the URL bar states "unable to reach the site", but after adding it to the hosts file I am able to reach it. Why does this happen?

kaushikkodeeswaran
Author

Great vid as always.

By the way, my progress stalled in HTB Academy since ffuf was not installed on the box. Can you please check the Parrot OS basic template?

tyaprak
Author

I kinda wanna see ippsec do a room live without any prior knowledge

Fahodinho