Plundering AWS S3 Buckets - HackTheBox
- Published: Apr 23, 2021
- For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
Pwncat, linpeas juggling and then that auto deletion of files from files folder.. Entertainment with learning😂.. awesome video....thanks
When I found myself screaming "IT'S IN ADSERVER JOHN!!" I realised I learned something from watching this channel.
Thanks John, stinkin love your content! You're one of the more vibrant pen-test people I know of and watching you wiggle your way through this and that is really entertaining and informative at the same time. You could probably teach this stuff professionally through those platforms like skillshare or brilliant!
He has a great Udemy course
@InsomniaFire what is the course called? Thanks
@InsomniaFire what's the name of the course?
This is fantastic and I'm so happy I found your channel! I just participated in my first CTF (HTB Cyber Apocalypse) and it was so much fun! I didn't do too great, but learned a ton. Thanks for getting me into this fun 'hobby' to help build my skills as I work towards a career shift.
this video and your content in general is mind blowing. Truly awesome stuff!
1:00:24 got that Batman voice on point! :D
Awesome John, so much useful data in one video. Thanks, appreciated
john this was genuinely one of your best videos!!
Fun walkthrough of a great box. Great job, John!
How random - I've met one of the guys who founded Hack The Box. He lives in my hometown. Glad to see it's launching into something really cool and getting attention - not surprised though, he was a very astute fellow.
Brilliant job John. Please keep them coming!
I do not live in this coding/hacking world at all, but, this was very interesting to watch. Thank you for creating this content
*Put a magnifying glass on your computer if you see red bugs you are in malware*
- John Hammond 2021 😹
Love that every time John tries to showcase Pwncat it just breaks in some way
I saw your name pop up on the activity feed for the box a couple of days ago. I was hoping you would make it into a video, very cool.
Loving this type of content!!!!
We are now on amazon's watchlist.
I love your way of thinking!
It never ceases to amaze me how much of a security hole can be. LOL
Awesome job love it !
I loved this machine !! I learned so much about AWS DynamoDB
awesome content, thanks john
Great, really liked this
Great video John!
''Dang it'' part really got me!
You make it look too easy. I get inspired and try and realize quickly my experience is lacking haha!
This was a very cool action Movie! Maybe Mr. Robot season 5 with John Hammond? :D
I must say I get some Ippsec vibes with the IP address and how you're saying the nmap stuff :D. But great video
"aws get-buckets" - Uncle Drew
That was friggin awesome John
I learned so much today
Just to inform everyone who is doing OSCP... Linpeas has been banned by OSCP because of auto-exploitation feature... Again, Linpeas creator reached out to OSCP and confirmed that there is no auto-exploitation feature in Linpeas.. So OSCP agrees to the new version of Linpeas and banned the older version of Linpeas, so be careful....
love your videos dude !
I wish the audio was a bit louder 🥺
+1
@RccoGamer 1+
agreed
You are the best Jonny
More Cloud John!
Thanks a lot, as always :)
Fun stuff! Wonder what would have happened if you had tried sshing with the usernames in their correct case.
This is extremely cool
Awesome John !
straight up cool
John is the best
Great music John Hammond xd
First person on yt who doesn't use either Parrot or Kali.
WWJD, What would John do? That's how I approach these challenges in HTB and THM. After watching these videos your voice and logic get stuck in my head!
Does the endpoint url take the place of access keys for the AWS cli? So because it's public you don't need any access & secret keys?
i wish for more htb content in the future
Peculiar john
This is top-of-the-line material. I read a similar book that was a huge turning point for me. "AWS Unleashed: Mastering Amazon Web Services for Software Engineers" by Harrison Quill
This video show that I know more about something John doesn't, hahah 😂
Beginner here. And i look up to the mountains and i see John Hammond😅...and my journey begins.
John: How do I use this?
Server: tutorial.start()
John: Nope...
Content is awesome but I would suggest timestamping videos which have length greater than 30 min.
Helps a lot!
Stop saying you're bad at everything. You're learning.
I get the temptation but think of everyone watching who likely is newer to this than you. They also are just learning.
nice one John...
Nice!
31:46 I think the fi you commented out at the bottom was a mistake
AWS top! John
And i like your outro.
Epic skillz
Rick and morty creator knows coding??!? This dude can do it all
I know NMAP is kind of the go-to for port-scanning. Have you tried Rustscan? It's built on top of NMAP but runs port scans much faster with exactly the same scan options.
Yes! I have showcased rustscan in other videos and I am definitely a fan, it is a super cool tool and very fast!
Great video, but how did you know that pd4ml had this specific file inclusion vulnerability without researching?
It triggers me if you add options after arguments, but I like it that you stick to the IPpsec method
nice
🤯👌🏼💯
It contains a bucket.
Dear God...
Scout, SEDUCE ME!
Are the resources you have shared with us, such as YouTube videos and blogs, enough to crack the OSCP exam, or should we join any institutions to gain knowledge....?
What's the importance of adding the entry to your etc/hosts file near 3:30?
fudge btw
Showing Root_id_rsa : invalid format . Why?
Audio volume little bit low compared with other videos
more of this please?
Maaan whyyyy whyy u did not share this 2 days ago. I had a HW project about AWS pentesting. I had got only some old stuff...
it was not possible to see the flickering lights in the video.
For yt algorithm
Hey There Seth Rogan!
Ooop...the voice is little down ...!!
Yo how do u Zoom In in the terminal Lol
Hey. John... Please make a course for newbies to advanced 😭😭🙏🏿🙏🏿🙏🏿please
how come he was able to use aws cli on the bucket despite using random secrets?
My guess is the bucket was public
Man you are awesome 🤘🤘🤘......There was only one part that I didn't really understand. How did you run the .php in the S3 bucket??? because S3 only works with static webpage. It was not supposed to run .PHP 🤷♂️🤷♂️🤷♂️
You can use the s3 bucket stuff to upload the script. When you then visit the script via port 80, your request will be handled by Apache which will run PHP. If you finish the machine you can see that s3.bucket.htb will be forwarded to a docker container running local stack
@tomvandencorput1408 OHHHHHHHHHH that makes sense. Thank you for the explanation.
What a handsome whitehead
Hello sir, I have been watching YouTube for a while now. I saw you're using Ubuntu as your primary OS, so my question is why you don't use Kali or Parrot OS or any other Linux distribution?
Ubuntu is for desktop, which is how he uses it
@takipsizad okkay 😁👍👍
Nice HTML LFI xD
It's really awkward watching you pretend to not know this stuff and or have not read these exact pages. Still love the channel
You plunder
Where are the subtitles?
Can we hope for htb contents
You getting more views than ippsec now 🤨
etc/ is pronounced etsy. not etcetera, is it not? Semantics, but, I love your content. I am aware this video is a year old.
Please fix the audio - it's too quiet
where is the flag
Hey John, Your content is awesome man, but it is not recommended for script kiddies to learn real hacking because your content requires some level of knowledge on hacking/programming, 'coz to be honest, i have been trying to understand your videos where i am now solving ctf challenges and still find it a bit confusing to understand your videos sometimes, anyways
it's still a rich content!
I said fug guysss😂😂😂😂
Like first 10 comments; else:unsubscribe ("Mv to liveoverpellow");