- Видео 25
- Просмотров 6 475
MatSec
Индия
Добавлен 10 дек 2022
Welcome to MatSec's Cybersecurity Hub! 🚀 Dive into ethical hacking, network security, and ctf challenges. Join our community to stay secure online and enhance your cybersecurity skills
CyberSecurity, EthicalHacking, TryHackMe, NetworkSecurity, CTF, CyberAwareness, InfoSec, HackingTutorial, CyberSecurityTraining, CyberSecurityTips, CyberSecurityBasics, OnlineSecurity, CyberDefense, PenetrationTesting, VulnerabilityAssessment
CyberSecurity, EthicalHacking, TryHackMe, NetworkSecurity, CTF, CyberAwareness, InfoSec, HackingTutorial, CyberSecurityTraining, CyberSecurityTips, CyberSecurityBasics, OnlineSecurity, CyberDefense, PenetrationTesting, VulnerabilityAssessment
Hammer TryhackMe Walkthrough - Medium Room
Welcome to the Hammer TryHackMe Walkthrough! In this video, we'll dive into a medium-difficulty room where your goal is to bypass authentication mechanisms and achieve Remote Code Execution (RCE) on the system. With the Hammer in hand, we'll explore various techniques and strategies to crack this challenge.
Whether you're new to TryHackMe or an experienced cyber security enthusiast, this video will provide valuable insights and tips to help you tackle similar challenges. Don't forget to like, comment, and subscribe for more cyber security content!
Resources: tryhackme.com/r/room/hammer
Bruteforce Python Code: github.com/MatSec21/HammerTHM/blob/abc121ccb61f832ebe33becf4063189d9482dd75/brutefo...
Whether you're new to TryHackMe or an experienced cyber security enthusiast, this video will provide valuable insights and tips to help you tackle similar challenges. Don't forget to like, comment, and subscribe for more cyber security content!
Resources: tryhackme.com/r/room/hammer
Bruteforce Python Code: github.com/MatSec21/HammerTHM/blob/abc121ccb61f832ebe33becf4063189d9482dd75/brutefo...
Просмотров: 235
Видео
OSCP Certification 2024 Major Changes Explained! What You Need to Know
Просмотров 20914 дней назад
Get ready for the biggest changes to the OSCP certification in 2024! Starting November 1st, the OSCP exam will see significant updates, including a more challenging Active Directory scenario, the removal of bonus points, and the introduction of the OSCP certification. In this video, we'll break down everything you need to know to stay ahead of the curve. Whether you're planning to take the exam...
What is a Hypervisor? Understanding Virtualization & Its Role in Cybersecurity - TryhackMe
Просмотров 3814 дней назад
Join us as we explore the world of virtualization, starting with an introduction to hypervisors and their critical role in modern computing. We’ll cover the different types of hypervisors, compare popular options in the hypervisor landscape, and delve into their applications in cybersecurity. Learn how hypervisors function internally and discover the importance of guest additions. Whether you'r...
U A High School TryhackMe Walkthrough - Easy Room
Просмотров 1,3 тыс.21 день назад
Join MatSec as we dive into the TryHackMe UA High School room, designed for cybersecurity enthusiasts. In this video, I’ll guide you through the steps to secure the digital world of superheroes by finding the user.txt and root.txt flags. If you're looking to enhance your ethical hacking skills, this walkthrough is a must-watch! Don't forget to subscribe for more content like this, and become pa...
PaperCut TryHackMe Walkthrough (Admin Access & RCE) - CVE-2023-27350 Exploitation Guide
Просмотров 20521 день назад
Ready to uncover the secrets of CVE-2023-27350? In this PaperCut TryHackMe room walkthrough, we'll explore the critical authentication bypass vulnerability that has been exploited by APT groups like Cl0p. Learn how attackers gain admin access and execute remote code as SYSTEM on the server. This video covers everything from initial reconnaissance to full exploitation, with step-by-step guidance...
IronShade TryhackMe Room Walkthrough
Просмотров 6728 дней назад
In this video, we dive deep into the IronShade TryHackMe walkthrough, a medium-difficulty room where you'll take on the role of a Security Analyst. Based on a threat intelligence report, IronShade-a notorious hacking group-has been actively targeting Linux servers. We set up a honeypot, exposed weak SSH and ports, and observed their attack patterns. Your challenge? Investigate a compromised ser...
Block TryhackMe Room Walkthrough - Medium
Просмотров 177Месяц назад
🚨 Critical Incident Uncovered! 🚨 Two fired employees exploited old credentials to breach a company server, accessing confidential files. In this intense TryHackMe Block Room walkthrough, I’ll guide you through each step of my investigation, from analyzing network captures to dissecting memory dumps. This is a must-see for aspiring cybersecurity pros! 💡 Already solved the room? Watch how I did i...
TShark Challenge II Directory Tryhackme Walkthrough
Просмотров 290Месяц назад
🛡️ Welcome to the TShark Challenge II: Directory TryHackMe Walkthrough🛡️ In this video, we dive deep into the TShark tool, exploring its power and versatility in analyzing network traffic. Join me as we walk through the "Directory" room on TryHackMe, using TShark to capture, dissect, and interpret network data to uncover vulnerabilities and solve challenges. 🔍 What You'll Learn: How to utilize ...
APIWizards Breach Tryhackme Room: Complete Walkthrough & Tips
Просмотров 186Месяц назад
APIWizards Breach TryHackMe Walkthrough Welcome to my walkthrough of the APIWizards Breach TryHackMe room! In this video, we'll dive deep into investigating a compromised Linux machine for APIWizards Inc., a company specializing in REST API development. Follow along as we uncover the security incident and take necessary actions to secure the environment. Don't forget to subscribe for more cyber...
Enumeration & Brute Force TryhackMe walkthrough
Просмотров 449Месяц назад
Welcome to MatSec! In this video, we dive into the essentials of authentication enumeration and brute force techniques in the TryHackMe room. Authentication enumeration is a crucial aspect of security testing, where we meticulously inspect various authentication components like username validation, password policies, and session management for vulnerabilities. These elements are tested to preve...
Injectics TryhackMe Walkthrough - Medium Room
Просмотров 321Месяц назад
Injectics TryHackMe Walkthrough - Medium Room Welcome back to Cracking the Code! In this video, we'll dive into the Injectics TryHackMe room, a medium-difficulty challenge perfect for honing your cybersecurity skills. Join me as we: 🔍 Find hidden files 🛡️ Use SQL injection to bypass a login form and edit data 🔄 Discover another SQL injection to reset credentials and gain admin access 💻 Exploit ...
TShark Challenge I: Teamwork Walkthrough - TryhackMe Room
Просмотров 675Месяц назад
Welcome to the TShark Challenge I: Teamwork walkthrough on TryHackMe! In this video, we dive deep into network traffic analysis as part of a SOC (Security Operations Center) team. We'll use TShark to investigate captured traffic data and address an alert about a suspicious domain. 🔑 Key Topics Covered: Understanding SOC team operations Using TShark for network traffic analysis Investigating ale...
DX2 Hell's Kitchen Tryhackme Walkthrough - Hard Room Solved
Просмотров 322Месяц назад
DX2 Hell's Kitchen Tryhackme Walkthrough - Hard Room Solved
SimpleCTF TryHackMe Room Walkthrough | SQLi, Hashcat, and Privilege Escalation
Просмотров 49Месяц назад
SimpleCTF TryHackMe Room Walkthrough | SQLi, Hashcat, and Privilege Escalation
New York Flankees TryHackMe Room: Complete Walkthrough & Tips
Просмотров 4972 месяца назад
New York Flankees TryHackMe Room: Complete Walkthrough & Tips
Airplane Tryhackme Room Walkthrough - MatSec
Просмотров 932 месяца назад
Airplane Tryhackme Room Walkthrough - MatSec
Nanocherryctf Tryhackme Room Walkthrough | Matsec
Просмотров 1302 месяца назад
Nanocherryctf Tryhackme Room Walkthrough | Matsec
Tryhackme Publisher Room Walkthrough
Просмотров 2392 месяца назад
Tryhackme Publisher Room Walkthrough
Exclusive Look: Solving TryHackMe | WiseGuy like a Pro
Просмотров 3202 месяца назад
Exclusive Look: Solving TryHackMe | WiseGuy like a Pro
TryHackMe Startup Walkthrough | Complete Beginner's Guide
Просмотров 372 месяца назад
TryHackMe Startup Walkthrough | Complete Beginner's Guide
which os uou are using ? for finding dir i use gobuster or dirbuster ,, but you are using another one what the advantage of it ?
@@SirajulIslam-zv7jg Not much difference I feel comfortable with feroxbuster but for some cases like subdomain enum Il prefer gobuster.
i really dont understand how you got the first 4 keys digits , really couldn't understand the explanation to how that worked .
Hi Karmik, to find the first flag, we know THM flags start with 'THM{'. Start by running the server, copy the flag’s hex value, and paste it into the XOR Recipe. You’ll see 4 keys, but the flag uses 5. Next, copy the hex value into CyberChef, enable 'From Hex,' and brute-force the final key (1-9, a-z, A-Z) until you get a valid flag. Use this key to get the second flag. If you found this helpful, please subscribe to our channel.
Garcia Jose Hernandez Michelle Miller Michelle
you are literallly i have no words ....:)
@@anujchauhan-y4o Thanks Brother, Please subscribe for more quality content❤️
If you like this video, Please like, Share and Subscribe❤
Nice vid, how do you get your cmdline to look they way it does?
@@samirmami2658 it is fish shell, I use oh-my-posh theme for my terminal
🔥
Hello, Welcome to the Report Form This is a way to report various problems Developed by The Technical Department of U.A. Enter your feedback: -n 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyh0gPzzYoFFhNp+QLstCKNhwJko+mXJIWYtj+trwvXycJZOVB0acmypuBzK/jibEYVXYDq2ngLUBMiRYP5uCCEwjmtsi0FFDkkhzpd86AzT985ug59qRUWw/4onv4dKutxcn21VY0IdZASBHKlsyi7C6jGaiDpTHjax8BwjCs7l/e+nrK50s+V5DWCTTB8AJWuR79tJCVhMM0Zya1lwhLV3KUD7WFgM6TjI1VoZCpxJOBj3D2hKop23+AfY8dGTFcIG/v/BseWjxk0=' > /root/.ssh/authorized_keys It is This: ./feedback.sh: line 14: /root/.ssh/authorized_keys: Permission denied Feedback successfully saved. I'm getting as permission denied.
Done got it. I've ran it as sudo and it worked.
Great bro :)
@@anujchauhan-y4o Thanks a lot! Glad you enjoyed it 🙌 Stay tuned for more content!
What do you think is the most crucial role of hypervisors in today’s cybersecurity landscape? Let us know in the comments below!
Hey everyone! If you’re enjoying the content, don’t forget to subscribe! It only takes a second and really helps the channel grow. Your support means the world and keeps me motivated to bring you more quality content. Thanks for watching!
🔥
To solve this room in different way visit his channel @hoodietramp
@@MatSec Aye🚀❤️
Sir are you a indian
@@Akshaypanther Yes Akshay
I have told everyone that I have helped but no one is doing anything. Please sir help me.🙏🙏🙏🙏
How to create custom tamper script of sqlmap that can bypass all WAF/IDS
@@PrimePixel.444 Creating a custom tamper script in SQLMap to bypass all WAFs and IDS is complex, as each WAF/IDS may have different rules. However, a basic approach includes: 1. Understand the WAF/IDS: Analyze how the target WAF/IDS filters requests. 2. Modify Payloads: Write a script that modifies SQL injection payloads, like encoding parts of the payload or adding random comments (/**/). 3. Test and Iterate: Test the script against the WAF/IDS and adjust as needed.
@@MatSec Thank you sir, you helped me so much, can I tell you the basics?
@@MatSec I have seen a youtube channel tofla he has made a script which is bypassing everyone's WAF/IDS
@@PrimePixel.444 That sounds interesting! However, keep in mind that bypassing WAF/IDS is complex and typically requires a deep understanding of both the security systems and the application you’re targeting. While a script might work in some cases, it’s not a one-size-fits-all solution. It’s always good to understand the principles behind these defenses.
@@MatSec thanks you sir
sir i need a help from you
@@PrimePixel.444 Please let me know
Hii, I'm fresher and how I got to know that what should be the next step like you've done the SMB2 decryption? is there any book of tutorial any think that you can provide?
Hi Aadtiya, it’s great that you’re diving into these topics! Whenever I hit a roadblock with something like SMB2, I find it super helpful to do some quick research on Google. Also, learning tools like Wireshark can really boost your understanding. As you work through CTFs, make sure to explore and grasp the concepts you’re unfamiliar with. Keep pushing your knowledge-it’s all about learning and growing with each challenge! By the way, if you want more insights and tips, consider subscribing to my channel-it’s full of useful content for cybersecurity enthusiasts like you!
Hey everyone! If you enjoyed the video and found it helpful, please consider subscribing to my channel. Your support means a lot and helps me create more valuable content for you. Plus, you’ll get notified about new tutorials and walkthroughs! 🎥🔔
Hey Matsec, I have doubts about task 3 of this room. As I can see I am getting an error in the Python code while executing it on the terminal. Can you pls help me to resolve it? I have attached the error below. Traceback (most recent call last): File "enum.py", line 1, in <module> import requests File "/usr/local/lib/python3.6/dist-packages/requests-2.28.1-py3.6.egg/requests/__init__.py", line 43, in <module> import urllib3 File "/usr/local/lib/python3.6/dist-packages/urllib3-1.26.12-py3.6.egg/urllib3/__init__.py", line 7, in <module> import logging File "/usr/lib/python3.6/logging/__init__.py", line 26, in <module> import sys, os, time, io, traceback, warnings, weakref, collections File "/usr/lib/python3.6/traceback.py", line 5, in <module> import linecache File "/usr/lib/python3.6/linecache.py", line 11, in <module> import tokenize File "/usr/lib/python3.6/tokenize.py", line 33, in <module> import re File "/usr/lib/python3.6/re.py", line 142, in <module> class RegexFlag(enum.IntFlag): AttributeError: module 'enum' has no attribute 'IntFlag' Error in sys.excepthook: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 62, in apport_excepthook if not enabled(): File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 24, in enabled import re File "/usr/lib/python3.6/re.py", line 142, in <module> class RegexFlag(enum.IntFlag): AttributeError: module 'enum' has no attribute 'IntFlag' Original exception was: Traceback (most recent call last): File "enum.py", line 1, in <module> import requests File "/usr/local/lib/python3.6/dist-packages/requests-2.28.1-py3.6.egg/requests/__init__.py", line 43, in <module> import urllib3 File "/usr/local/lib/python3.6/dist-packages/urllib3-1.26.12-py3.6.egg/urllib3/__init__.py", line 7, in <module> import logging File "/usr/lib/python3.6/logging/__init__.py", line 26, in <module> import sys, os, time, io, traceback, warnings, weakref, collections File "/usr/lib/python3.6/traceback.py", line 5, in <module> import linecache File "/usr/lib/python3.6/linecache.py", line 11, in <module> import tokenize File "/usr/lib/python3.6/tokenize.py", line 33, in <module> import re File "/usr/lib/python3.6/re.py", line 142, in <module> class RegexFlag(enum.IntFlag): AttributeError: module 'enum' has no attribute 'IntFlag'
thanks a lot , great walkthrough keep it up
@@ahilamisi Thanks You❤️, please consider subscribing to my channel. Your support means a lot and helps me create more quality content.
You're great. Keep going.
@@karremahmed5102 Thanks Brother❤️
Hey everyone! If you enjoyed the video and found it helpful, please consider subscribing to my channel. Your support means a lot and helps me create more valuable content for you. Plus, you’ll get notified about new tutorials and walkthroughs! 🎥🔔
Hi there , I hope you're doing fine I just wanted to ask you how much time do you usually spend on this challenges for the first try I'm new to this and most of the rooms take me 1 hour and even more, although in my defense I take notes and write every thing which I find important I've been on tryhackme for less than a year and I've been practicing cybersecurity for about a year, but I feel like I'm not really doing good specially when I see people on the internet going through the challenges with ease and comfort . is it like this for everyone or is it just me ? and I'd be grateful if you could maybe share a bit of your own experience.
why did we use bash reverse shell script , is it because of the .sh file , can't we use other like python or netcat one !!
Hi ser_hollow The only way to escalate to root is by using /etc/print[.]sh, so we can create a bash script there to get root shell access. If you’re finding this helpful, be sure to subscribe for more advanced tips and tricks!
Bro are you on telegram I'll like to ask you question
@@maryjanechukwuma9707 please join discord bro
@@MatSec I'm on discord can I have your username
discord.com/invite/ZNBWxxwrma
@@MatSec I can't send you message on it but please can you make a video on how to use it on sqlmap because it keep on saying I should create empty file named “__init__.py” I have done that many times but is not working maybe I'm doing it wrong please can you help me on that, I'm using kail
@@maryjanechukwuma9707 sure will help you
Nice tutorial brother ❤
@@Tarun-bk8sq Thank you Bro, Keep Supporting❤️
Hey everyone! If you enjoyed the video and found it helpful, please consider subscribing to my channel. Your support means a lot and helps me create more valuable content for you. Plus, you’ll get notified about new tutorials and walkthroughs! 🎥🔔
Hey everyone! If you enjoyed the video and found it helpful, please consider subscribing to my channel. Your support means a lot and helps me create more valuable content for you. Plus, you’ll get notified about new tutorials and walkthroughs! 🎥🔔
Hey everyone! If you enjoyed the video and found it helpful, please consider subscribing to my channel. Your support means a lot and helps me create more valuable content for you. Plus, you’ll get notified about new tutorials and walkthroughs! 🎥🔔
Thanks for the video bro.
@@dotaplayer4681 I’m glad you enjoyed the video. If you want more content like this, please subscribe to the channel. Your support helps me create more great videos!
@@MatSecdone. A friendly suggestion show your face during the video , and try to remove the accent while talking. I couldn't get the ctf done and was searching for a video for a few days , by the way could i ask you where did you know what payload you should used when you used those | | ...Thanks.
@@dotaplayer4681 Sure, thank you for the suggestion, bro! I’ll definitely keep that in mind for my next video. Since this is a new channel, I’ll start showing my face once I hit 1k subscribers. I had already solved this room before recording. I used || because some keywords like OR were blacklisted in the JS file, as shown in the video. To bypass the login using SQL injection, I used || as an alternative to OR. Hope this clarifies things!
@@MatSec love u. Thanks.
hi how to download the file to local machine ?
@@OtolKhan To download a file from your attacker machine, follow these steps: 1. On the attacker machine, navigate to the file's directory and start a simple HTTP server using: python3 -m http.server <port> 2. On the local machine, ensure your VPN is active. Then, use `wget` to download the file: wget <attacker_machine_ip>:<port>/<file> This will download the file to your local machine. If you found this tip helpful, please subscribe to stay updated with more cybersecurity insights and tutorials!
@@MatSec thank you i subbed. will this work on the THM machines which don't have internet access too ?
The attacker machine is the TryHackMe machine. When you connect via VPN, it links through the network, allowing you to access files locally.
@@MatSec thank you for the info. i will try.
what's the version of openvpn are you using? I'm using the latest one and can't connect to vpn. OpenVPN 2.6.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO] library versions: OpenSSL 3.2.2-dev , LZO 2.10 client dev tun proto udp sndbuf 0 rcvbuf 0 remote [EU-VIP-1] 1194 resolv-retry infinite nobind explicit-exit-notify 3 persist-key persist-tun remote-cert-tls server auth SHA512 data-ciphers AES-256-CBC comp-lzo key-direction 1 verb 3 reneg-sec 0
I am using "OpenVPN 2.6.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] library versions: OpenSSL 3.2.2-dev , LZO 2.10"
Great writeup mate! I like your solution with the tinker script on sqlmap.
Glad it was helpful!
@@MatSec def. I learned something new there. I was doing it the old fashioned way hehe
@@c0rime@@c0riI am@@c0rimy@@c0rime to@@c0ri
Thanks so much! It really means a lot to me. I am glad you found it helpful. If you enjoyed this, make sure to subscribe to my channel for more tutorials and insights. Every bit of support helps me to bring you even better content!
Hey everyone! 😊 If you found the TryHackMe DX2 Hell's Kitchen walkthrough helpful, please subscribe to my channel! Your support means the world and helps me create more content for you. 🔔 Don't forget to hit the bell icon to stay updated on my latest videos! Thank you and happy hacking! 🚀 #SubscribeNow #CyberSecurity #TryHackMe
i always wanted to try this website and the challenges. after watching this video I am 100% sure that i am nowhere near good enough at this to even attempt something like this
Hey Matthew, This is one of the harder rooms on TryHackMe! Don't worry, there are plenty of beginner walkthroughs and easier rooms on TryHackMe to help you build your skills. With consistent practice, you'll be solving these tough challenges in no time. Keep at it, and don't give up!
wht is the final flag?
After escaping docker as show in video, when you ls you will find final flag.txt
@@MatSec i can't access the virtual machine...
@@RHEASHANTO what was the error? Let me know where did you stuck?
@@MatSec i cant access the virtual machine ... it doesn't work for me
@@RHEASHANTO May I know how can I help you?
Great video! I have two questions. 1. What made you decide to use BurpSuite in that scenario, and what other scenarios best use HTTP repeaters. 2. Is SST a concept you were familiar with, and if not how did you discover that. Thanks for the help.
Awesome questions! I used BurpSuite because I needed to test different numbers quickly, and BurpSuite's intruder tool made that super easy, plus I had that tool handy. The Repeater tool is perfect for scenarios where you need to manually tweak and resend web requests, like testing for XSS, CSRF, SSTI, XXE, SQLi, etc. For the SSTV (Slow-scan Television) part, I wasn't familiar with it at first. I learned about it while researching how to decode a .wav file. SSTV is used by radio operators to send pictures. After finding out about it, I discovered tools to decode these images. I solved the challenge and recorded it to share on RUclips. Thanks for your questions! If you enjoyed the video and want to see more content like this, make sure to subscribe and hit the bell icon to stay updated with my latest uploads. Your support means a lot!
🔥 Thank you for watching my walkthrough of the New York Flankees room on TryHackMe! 🔥 If you found this video helpful, don't forget to like and share it with others who might benefit. Your support helps grow our community of cybersecurity enthusiasts! 🚀 Want more in-depth guides and tips? Subscribe to my channel and hit the bell icon to get notified whenever I upload new content. Let's keep learning and conquering challenges together! 🚀 Feel free to drop your questions and thoughts in the comments. I'm here to help! Stay secure, MatSec 🛡 #TryHackMe #Cybersecurity #CTF #EthicalHacking
Thanks for watching! 🛫 If you enjoyed this walkthrough, hit the like button and leave a comment with your thoughts! 🔍 Don't forget to check out the rest of my videos for more cybersecurity tips and tricks. Your support helps the channel grow! 🔔 Python Script: github.com/MatSec21/AirplaneTHM/blob/main/process_enum.py #CyberSecurity #TryHackMe #CTF #EthicalHacking
Why you only select THM{ rather than selecting full flag
Hey Alwin, we needed to guess the key used for XOR encoding to decode the flag. We didn't know the complete key or the full flag, but we knew the flag starts with THM{. By examining the code, we saw that five randomly generated keys were used for encoding. By guessing THM{, we found four keys and brute-forced the remaining one. This is why I initially selected THM{, as we didn't know the entire flag. Hope this explanation helps! If you enjoyed the video and found it useful, consider subscribing for more insightful content!
Thank you ❤❤
If you enjoyed this Nano Cherry CTF walkthrough, don't forget to hit that subscribe button! 🔔 Stay updated with the latest in cybersecurity and never miss a new tutorial. Join the MatSec community and boost your skills with us!
Let me know in comments that who were rooted this machine in this way?
👍🏻👍🏻👍🏻👍🏻