ippsec
@ippsec
Looking for a video on a specific hacking technique/tool? Check out ippsec.rocks - Searches over 100 hours of my videos to find you the exact spot in the video you are looking for.

HackTheBox Backfire was a really fun box that involved hacking two open-source C2s and abusing sudo with iptables[-save] to get root. I really enjoyed exploiting Havoc as you had to combine two exploits to get RCE. youtu.be/dZjd4XTms7E
Just made the Wanderer Prep playlist live! It’s designed to help people get started with the Wanderer Pro Lab on Hack The Box (which I created). Even if you don’t plan on playing Wanderer, I’d still recommend checking this playlist out—it highlights a lot of the techniques I’ve…
PHP Filters are the gift that keeps on giving. It blows my mind that in PHP you can convert a FileOpen() into a File Disclosure, which includes SSRF. Essentially, you use the filter to mutate the file into something much larger so that it causes an error. Then you use another…
#HackTheBox EscapeTwo Video is now up! This is an easy Windows box that starts out with finding an MSSQL Password on a File Share and ends with taking over a user, which can then take over a certificate template (ESC4). Check it out: youtube.com/watch?v=fE6BYs…
If anyone is looking for something to watch, Murderbot has been surprisingly good. Apple TV always surprises me with how good their shows are.
#HackTheBox BigBang Video is up! And it shows something I didn't know was possible, getting RCE on a file_get_contents call within PHP. It is patched as of PHP 8.3.8 (~June 2024) but I'm sure there are unpatched webservers out there. youtube.com/watch?v=Xta6fG…
New video in my Hackers for Golang series: Dependency Injection. Covers why it’s crucial for clean code, with Python examples before Go. It’s complex but worth learning early. Check it out and let me know your thoughts! youtu.be/BhLpqRev80s
HackTheBox Administrator video is now up! This is an assumed breach box, meaning we started out with credentials. The path is primarily AD taking advantage of GenericAll to set a password and GenericWrite to set an account up for Kerberoasting: youtu.be/Miam4nw9pmE
If you have valid user creds and you know the victim uses Confluence and SSO, but M365 requires MFA, you can use those credentials to see if you can trigger an SP-Initiated SAML authentication to retrieve an SSO token. It's more complex, but, did this on a red team once.
Device Code Auth is certainly a phish I could see myself falling for, as it blends in with a regular meeting invite and doesn't require entering my password. If you don't know what a Device Code Phish is, check out this video @odiesec and I did. youtu.be/Y8SSYLEq15Q
#HackTheBox LinkVortex video is up! An easy box that starts off with discovering a .git dir, which contains a cached file with a cred, that leads to exploiting an outdated version of blogging software. Root is a bash script which we exploit 3 diff ways youtube.com/watch?v=SoPIw2…
#HackTheBox Ghost is up! This box feels like you are attacking a small network. Some things we will exploit: LDAP Injection, Rust Webserver, AD Federation, MSSQL Linked Databases, and escalating from a child -> Parent domain via bi-directional trust. youtu.be/4dEmocjKnZg
#HackTheBox MonitorsThree is up! The root of this box features exploiting backup software to create and restore a malicious backup. There's also a pretty good example of when to use error based SQL injection as part of getting a foothold on the box. youtu.be/4y2gp_GTBqQ