HackTheBox - Perfection

Published 2024-07-06
00:00 - Introduction
00:50 - Start of nmap
02:50 - Discovering the Weighted Grade Calculator which we will exploit
04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols
07:10 - Quick bash one-liner with jq to URL-encode each line of our wordlist
09:30 - Discovering that a newline character breaks the search for bad characters, then getting a shell on the box
14:40 - Shell returned, looking at the source code and seeing the "bad character" filter was really a regex whitelist
18:50 - Discovering mail that reveals the password format used in the database
21:50 - Using hashcat brute-force mode to crack the password
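The regex-whitelist pitfall the video lands on at 14:40 (a newline slipping past a character filter), as an added Ruby example that is not code from the box or the video. It assumes a whitelist anchored with ^ and $, which in Ruby are line anchors, and shows the \A/\z form that checks the whole string:

```ruby
# Added example, not the box's source: why an anchored regex whitelist can be
# bypassed with a newline in Ruby, and how to anchor it so the whole string
# is checked.

# Assumed whitelist: letters, digits and spaces only, anchored with ^ and $.
# In Ruby, ^ and $ match at the start and end of ANY LINE, so the check is
# satisfied as soon as one line of the input is clean.
LINE_ANCHORED = /^[a-zA-Z0-9 ]+$/

# \A and \z anchor to the start and end of the whole string (\z, unlike \Z,
# does not tolerate a trailing newline), so every character must be whitelisted.
STRING_ANCHORED = /\A[a-zA-Z0-9 ]+\z/

def passes_line_anchored?(input)
  !!(input =~ LINE_ANCHORED)
end

def passes_string_anchored?(input)
  !!(input =~ STRING_ANCHORED)
end

# Constructed inputs: a clean name, a name with symbols, and a clean first
# line followed by a newline and symbols (the shape that slips past ^ and $).
SAMPLES = ["Alice", "Alice<>", "Alice\n<>&;|"].freeze

# Returns [input, accepted by ^/$ filter, accepted by \A/\z filter] per sample.
def compare_filters
  SAMPLES.map { |s| [s, passes_line_anchored?(s), passes_string_anchored?(s)] }
end

if __FILE__ == $PROGRAM_NAME
  compare_filters.each do |input, line_ok, string_ok|
    printf("%-18p line-anchored: %-5s string-anchored: %s\n", input, line_ok, string_ok)
  end
end
```

Only the third sample differs between the two filters: the ^/$ version accepts it because "Alice" alone is a clean line, while the \A/\z version rejects it.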

All Comments (21)
  • @AUBCodeII
    Babe, wake up, new IppSec video dropped
  • @o3tg2w35t
    I learned pen-testing largely from these videos. Three years ago, I got my first pentesting job and somehow promptly forgot all about IppSec. Until today. It's such a great feeling, to know that all my studies paid off. I can finally understand the full content of these videos! Yipee!!
  • @NatteeSetobol
    I didn't know you could brute force with hashcat like that. I always learn something new!!
  • @Ms.Robot.
    ❤🎉 another sweet drop from the Wizard of the Matrix.
  • @bread_girl_jane
    ippsec you’re one of my heroes but the way you pronounce ubuntu kills me lmao
  • @Martin-Pentest
Hey Ippsec, I have a question that I guess is unrelated to this particular video, but I know you're the man to ask. So I'm trying to figure out why, if I type echo "password" | md5sum, the output or string is totally different to the string I would get on, say, an md5 hash generator online? Maybe I am being stupid, but I guess I won't know if I don't ask.
  • @kingzedge
    Aside from HTB and TryHackMe, what tools should I be playing around with on my computer in order to break into Cyber? I have a few ideas: Kali Linux, Linux GUI, Windows command prompt. What else should I download?
  • @ManuGram
Really great content, I just wanna ask if you could do more mobile app hacking
  • @sh22xpr
I assume hashcat checks the file each iteration instead of remembering its content
  • @seM1c0l0n
    ffuf supports OS commands to encode input