Hack The Box Hacking Battlegrounds - Cyber Mayhem Gameplay with Ippsec

Let's play Cyber Mayhem! ⚔️
Watch this awesome video by Ippsec playing #HBG, explaining anything you need to know about this new way of playing and learning via #HTB.

HBG streaming is not allowed currently, but stay tuned as cool updates are coming up! Currently, we are in Early Beta, so battles are available for VIP and VIP+ players.

HBG is here! Get Ready, Set, PWN! 🏁

00:00 - Introduction
01:43 - Logging into Battlegrounds
04:30 - Going over my current workflow/setup.
06:25 - My Start Battlegrounds script, just setting up a WWW Directory with my IP Address.
07:20 - Going over a script I use to quickly SSH into the defending castles.
08:15 - The Get Flags script, which just SSHes into machines and cats flags.
09:10 - Going over Metasploit.
10:10 - Setting up BurpSuite to only intercept traffic to the castles.
11:50 - Doing a dry run of setting up my scripts, while I wait for a queue.
13:15 - Showing my favorite incident response command, ps -aef --forest.
13:45 - Going into a process's /proc/ directory to look at its current working directory.
16:15 - Match Found! Going into the lobby and downloading an OpenVPN Key.
17:50 - Match Started, setting up the battleground script and going to each castle, then pressing: Ctrl+Shift+R
18:50 - Assigning a box to myself to notify the team I'm working a box and logging into the blue box.
19:25 - Intercepting a login request, seeing this is XML, trying XML Entity Injection.
20:50 - Grabbing the SSH Key for Olivia and logging in.
22:20 - Discovering how to patch this vulnerability and validating our patch (libxml_disable_entity_loader).
23:40 - Finding Olivia's password, running sudo and seeing there are a few GTFOBins to privesc
24:50 - Running SYSCTL to dump the root's SSH Key and logging into the box.
26:30 - Doing some light Incident Response on our box to hunt for revshells. I missed a shell here! Metasploit can be found at PID 3437...
28:40 - Starting a TCPDump and then logging into the other castles.
31:00 - Finally found the reverse shell on our box! Checking the current working directories.
32:10 - Grabbing the IP Address of the shell to look at HTTP Access Log. Still don't really see any malicious HTTP Requests.
35:50 - Incorrectly killing the process, then running TCPDump.
38:30 - Killing their shell for real this time.
39:50 - A different box got owned, finding a reverse shell.
42:00 - Tobu keeps getting a flag on another box but has no shell, doing some incident response to find out what happened.
47:00 - Doing a bad job analyzing that TCPDUMP we captured earlier with Wireshark.
51:15 - Examining the HTTP Headers to /blog, to discover an Xdebug header, checking the exploit in Metasploit.
52:49 - Doing some IR against our meterpreter session. Seeing how well it stays hidden prior to running a shell.
54:30 - Disabling Xdebug. 😎⚔️🎮🏁
Comments

watching ippsec navigate tmux is like watching a ballet recital...so effortless :')

leejamison

I'm nowhere at all near this level of hacking and have not done blue team stuff before but this video was excellent. Seeing how you identify shells/meterpreter processes from a defender's POV was educational and exciting and I learnt a lot from this 1h video! Thanks ippsec. I'll probably try out battlegrounds in the far future once I've learnt more

tripzart

It's kinda depressing to see how good they are when you just started getting into hacking

Edit: it's now only four months later and I understand what he is doing! Yay

mariolol

This is amazing, I feel like I'm watching an OG MLG tournament.

InfiniteLogins

when you see ippsec in your team... :D or the horror of seeing ippsec on the other team.. :S

HQinternet

Thanks for all the times you carried me my dude :D

xLegacyy

This was amazing to watch! Hopefully you'll be able to share more of this in the future!

Kargha

I know this is a long time ago. Just started my hacking endeavors a little while ago--unless you count the stuff I did in dos and unix 30 years ago...Anyways, watched 15min of this. Damn, this guy is fast. My head started to spin.

davidbuckalew

What great content. I love watching ippsec do it days to days 😊

SapphireSymphony

I'm a simple man. I hear ippsec, I subscribe

the_unknown

This is awesome. We need more videos like this. I really hope ippsec will continue making videos playing Mayhem

alexanderastardjiev

When IppSec allows the service to run but won't show the password anymore "Let's have some fun :3"

sharghaas

When he did tree for forest omg that lvl of heartbeat😂

guyunknown

This is amazing for intermediate learners like me...God bless you ippsec!

Queennyla

I am recently studying blue team stuff and I am so happy that it won't be a waste T^T

SilverCraft

The background music reminds me of mass effect..Cool!

master-sy

Holy f**k.... Man I recently started my journey with pentesting. I wanted to know how battlegrounds work and try them myself. Your video was intimidating :D Back to studying for me I guess :D. Thanks for showing me new skills. It was definitely worth my time!

zgredfryd

Awesome vid! I actually understood everything you did, I just wouldn't be able to remember all the commands and stuff to do it myself yet lol

bluegizmo

I have no idea what I'm seeing or what's going on but being a cyber security major this is exciting.

JuanSanchez-iqlp

Ippsec where have you been all my life <3

michaelgirma