For Cookies: You can press F12 and then go to the "Application" tab and then in the left is another menu where you can access the Cookies and add / edit / delete them, no need for a chrome plugin :)
I have been studying for the linux and it's tool since a month or over and ur video was the first video of a practical hand season for me. Thanks Man! Looking forward to more of ur such videos so that I can keep learning.
I wonder if I'm the only one watching who doesn't have a clue what you're doing, I mean outside of the fairly obvious conceptual aspect of it. Still fun and interesting to watch despite the fact that I lack the technical knowledge that goes behind it.
I didn't know about TryHackMe until RUclips sends me a notification of this video which belongs to a channel I didn't subscribed to. The website immediately catches my attention. Fascinating how youtube recommendation system works. Thanks for making this video.
For anyone else having problems (or simply having no clue what to do) with setting up the http.server with python. It is possible you got several different python versions installed and the standard "python" command uses a version before the (i think python3...) module was implemented. Just check which versions you got installed with: ls -ls /usr/bin/python* If you got python 3.8 or 3.9 installed just use John's command including the python version: sudo python3.9 -m http.server 80 That worked for me :)
@John Hammond do you have a video where you discuss how you get set up to tackle these boxes? i.e. connecting to a VPN, setting up any proxies, spinning up a VM, etc? If not would you be able to give a brief overview here or create a video for that? Would love to see your process for getting setup
Hey John, I started watching your videos yesterday and am really enjoying them. Just wanted to let you know that this video is not in your TryHackMe! playlist.
i decided that instead of plowing through the beginner materials in tryhack me and joining rooms that i can mostly not ssh into and getting frustrated over, i went straight into practice section and i'm so glad i did. i found this guide and i learned infinite and your passion and enjoyment really showed through this vid. i had a few laughs here and there, thank you!!!
Great video! Thanks for doing this! Do you have a link for the documentation of what the -p flag does with /bin/bash? I'm having trouble finding it on the man page.
tl;dr: -p will tell bash not to drop privileges. --- Invocation [...] The following paragraphs describe how bash executes its startup files. If any of the files exist but cannot be read, bash reports an error. Tildes are expanded in file names as described below under Tilde Expansion in the EXPANSION section. [...] If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset. --- linux.die.net/man/1/bash
why do most of the "hackers on youtube" waste so much time trying to appear spontaneous when we all know that you prepare a lot in advance and besides that you also edit the material? Instead of wasting your neurons trying to appear smarter than you are, you'd better concentrate on transmitting as well as possible. The fact that you press Alt+f4 many times does not make you smarter.
i get lost when you say convert the format to something that john can read.. so are you just changing it to a txt format?? are you copying the info then putting it into txt?
Admittedly it is a CTF, but I do find the cascading failures a bit weird - I mean, I wonder if it would be possible to make a slightly more "realistic" example that doesn't rely on /etc/hosts being modifiable? the fact the .thm site was original hosted on localhost suggests there might be something else ...
pfff im just starting but if this is easy than it will be a steep, very steep learning curve ... maybe this is easy for an expert, but I doubt if this is easy for a beginner..... but thanx for the vid, this will help a lot!
I watched so much John Hammond that my son was born a ginger, true story.
damn😂
STOP LYING IK U R
Whether or not that's true, that's funny.
Umm who’s gonna tell him
maaan! dont make me sick😂
It would be interesting to see your TryHackMe streams without preparations, just cracking tasks in real time with chat. BTW, I like your CTF streams.
John hammond is that guy with whom you can hangout and discuss all the geeky stuffs and still look damn cool. Awesome John
For Cookies:
You can press F12 and then go to the "Application" tab and then in the left is another menu where you can access the Cookies and add / edit / delete them, no need for a chrome plugin :)
I just finished that room, I can’t wait to see how you approched this one !
He's such a kind respectful man, thank you very much for the walkthrough,Cheers
I have been studying for the linux and it's tool since a month or over and ur video was the first video of a practical hand season for me.
Thanks Man!
Looking forward to more of ur such videos so that I can keep learning.
I wonder if I'm the only one watching who doesn't have a clue what you're doing, I mean outside of the fairly obvious conceptual aspect of it. Still fun and interesting to watch despite the fact that I lack the technical knowledge that goes behind it.
If u start to learn hacking on tryhackme you will understand very fast
You're a spy of mordor.
That privesc segment was absolutely splendid and educational, thank you so much John
I didn't know about TryHackMe until RUclips sends me a notification of this video which belongs to a channel I didn't subscribed to. The website immediately catches my attention. Fascinating how youtube recommendation system works. Thanks for making this video.
100% same happened to me
Great video John!!! It's always a class watching your approach, thanks for spreading knowledge.
For anyone else having problems (or simply having no clue what to do) with setting up the http.server with python. It is possible you got several different python versions installed and the standard "python" command uses a version before the (i think python3...) module was implemented.
Just check which versions you got installed with: ls -ls /usr/bin/python*
If you got python 3.8 or 3.9 installed just use John's command including the python version: sudo python3.9 -m http.server 80
That worked for me :)
Great work, love how you walk us through it
Hello John. A hug from Brazil. Your CTF videos are sensational. Explore more content in this theme. See you later!
Damn, that's a cool box. I've got to try this and Overpass2 now. Thanks for your great video John!
@John Hammond do you have a video where you discuss how you get set up to tackle these boxes? i.e. connecting to a VPN, setting up any proxies, spinning up a VM, etc? If not would you be able to give a brief overview here or create a video for that? Would love to see your process for getting setup
(20:41) - Using John to crack ssh key passhrase, NICE!
I am currently studying json exam quite in depth
Hacking aside, John also makes a good suspense actor
Hello John is there any reason you use chrome and not Firefox, or it's just personal preference?? Love your videos!!!
*almost types "/home/tryjackme"
John: Woah! Careful there John
I died!!!!!!
Haha same here!
Hey John, I started watching your videos yesterday and am really enjoying them. Just wanted to let you know that this video is not in your TryHackMe! playlist.
Thanks for the heads up! Just added it in. :) Thanks again!
it was crazy how did you found flaw in log.js , i had no idea about it,, amazing
i decided that instead of plowing through the beginner materials in tryhack me and joining rooms that i can mostly not ssh into and getting frustrated over, i went straight into practice section and i'm so glad i did. i found this guide and i learned infinite and your passion and enjoyment really showed through this vid. i had a few laughs here and there, thank you!!!
Love from india @John Hammond
We love your thm content..and also do more on hackthebox...
Yo John! Sorry if you’ve answered this before. Are you running Ubuntu on a VM, or bare metal?
Hey just a question ! ,
how did you know that the output of cat .overpass is a rot47 algorithm (at 22:37).
Love your videos btw
You find it out through by looking through the source code of overpass itself.
Glad yr back again in it keep it up
I eagerly wait for your TryHackMe ctf videos. Please upload more. ❤️ Love to watch your videos and learn from you. Thank you 🙏
Great video! Thanks for doing this!
Do you have a link for the documentation of what the -p flag does with /bin/bash? I'm having trouble finding it on the man page.
tl;dr: -p will tell bash not to drop privileges.
---
Invocation
[...]
The following paragraphs describe how bash executes its startup files. If any of the files exist but cannot be read, bash reports an error. Tildes are expanded in file names as described below under Tilde Expansion in the EXPANSION section.
[...]
If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.
---
linux.die.net/man/1/bash
Great video but HOW do I get linpeas onto the victim side WITHOUT your automated script/tool?
when you VPN into the challenge box does that not mean all your network traffic from your local computer is going through that box?
Ever considered ffuf? or is Gobuster just your go to preference?
What are the pre-requisites to have known before solving this room?
As a newbie, it's tough to understand for me, looks interesting
why do most of the "hackers on youtube" waste so much time trying to appear spontaneous when we all know that you prepare a lot in advance and besides that you also edit the material?
Instead of wasting your neurons trying to appear smarter than you are, you'd better concentrate on transmitting as well as possible.
The fact that you press Alt+f4 many times does not make you smarter.
Awesome video John!! Thanks for sharing! Quick question, why do you run tee with nikto scan and not gobuster?
Just out of curiosity, how long does it take to actually solve these boxes?
Great Job! Greets from Germany
Well done !
obviously man ..this vid deserves a like :3
All the stars aligned, root cron that executes a shell script from an external source and a writeable /etc/hosts... Damn...
thank you, John, I have always enjoyed watching your videos please make more.
yeah yeah, keep making video, i just have completed the introduction room after watch your video.
waiting for john to write something in the readme file👀
Could you share your "upload_files_nc.sh" and "upload_files_wget.sh" on your github? thanks!
Good job
Very interesting video, I learned a lot, cool way to get root privileges at the end, thanks for sharing!
can anyone help me , what the tag -p of /bin/bash means ?
Love me some John "2 videos in 2 days" Hammond. Great Content!
Very enjoyable to watch :)
i get lost when you say convert the format to something that john can read.. so are you just changing it to a txt format?? are you copying the info then putting it into txt?
Admittedly it is a CTF, but I do find the cascading failures a bit weird - I mean, I wonder if it would be possible to make a slightly more "realistic" example that doesn't rely on /etc/hosts being modifiable? the fact the .thm site was original hosted on localhost suggests there might be something else ...
Just a Question. What does "-p" in /bin/bash -p
I like your singing.
Hi John, Great Videos Any chance you could walk us through setting up Cloudflare's Flan Scan?
This is definatly not a easy box catogory
Ty
Thanks!
Whats the use of /bin/bash -p ??
The -p option ensures that the effective user id is not reset.
pfff im just starting but if this is easy than it will be a steep, very steep learning curve ... maybe this is easy for an expert, but I doubt if this is easy for a beginner..... but thanx for the vid, this will help a lot!
which terminal is that?
Terminator
Great video again. But could you use pwncat next time?
This excites me
what was that system password for? Found any use for it?
Grande
Güzel içerik
Love from your discord server @John Hammond
please tell me what terminal multiplexer you use
I am using Terminator. I love it!
@@_JohnHammond thank you very much ... You've been my inspiration and effective immediately i will start using terminator
this box was awesome..
Thast awesome brother ^^
Nice!
Great
So cool
❤️
That's brilliant, but I like this
Wow! That was cool😎!!
NICE ED SHEERAN
8:00 is it python or js ?
I would say it’s js.
Nice
Hi John I really do like your vids . Could you pls slow down a bit...You do things too quick for us the newbies... :)
tryjackme lol.
careful john
Doing the yt algorithm thing
it was medium room
Nice. Ohhh💗
when i'm running python -m http.server command why it is coming command not found
sudo pyhton3 -m http.server 80
sudo: pyhton3: command not found
That -p would have helped me if i saw it yestersay for overpass 2...anyways alrdy done😅
When did ed sheeran starts writing codes
33:45 tryhackme on the way to sue you for defamation
K
TRY JACKME LMFAO
This would be better if you didn't practice this before you did it
I keep trying to subscribe but the only option I get is unsubscribe I can't figure it out... maybe next time. =)
John Hammond sar windows 10 OS use ethical hac**king course. Please🌹🌹🌹🌹🌹🌹🌹🌹🌹🌹
This looks like a clone of hackthebox.eu
#sudo apt hack 'John Hammond'
#password:
#access denied
I like to do the follow along but when I enter the command " subl " on tryhackme it says command not found.
nice