TryHackMe! [Web Vulnerabilities] Local File Inclusion

  • Published: 23 Nov 2024

Comments • 110

  • @MrTheMemes 4 years ago +45

    Thanks John! I'm a newbie out here in the world of cybersecurity, your videos are helping me out A LOT. Keep it up man!

    • @_JohnHammond 4 years ago +10

      Very happy to hear that, thank you so much! And thanks for watching!

    • @naifal-anazi4525 4 years ago +1

      @_JohnHammond that's true

  • @sechvnnull1524 4 years ago +6

    Fantastic job! Everything that you do start to finish is vitally important. You're doing much more than simply giving answers to rooms; you are teaching your thought process and a general outline one should take each and every time. Repetition is a great teacher and having a structured strategy to follow is what it takes to succeed. So just wanted to encourage you and thank you for your hard work and time!

  • @jd-raymaker 4 years ago +38

    tip on socat if you don't want to bind or reverse the connection:
    sudo socat STDIN EXEC:/bin/bash

    • @_JohnHammond 4 years ago +14

      Oooh! That is AWESOME! That's not even in GTFOBins, you should definitely submit a pull request! And thanks for watching!

    • @jd-raymaker 4 years ago +9

      @_JohnHammond pull request submitted :)

    • @abdullahyasin3055 3 years ago +1

      Great man, I did it using your trick and it's included in gtfobins rn :)

    • @YousufKhan-pe9wy 3 years ago

      @_JohnHammond nice website, I love you

  • @Sandesh98147 4 years ago +8

    You're not losing quality and anytime you feel like it, you can always slow down the video upload freq. I'm sure a lot of us will understand. You do amazing work and I don't want you to get burned out by it.

  • @spigels4532 4 years ago +3

    Hey man, I'm new to your channel but wow, have been loving your content! I've learnt more just watching and listening to you than I have picked up in years. Thanks! and I'll see you around.

  • @mcvaluemenu 2 years ago

    This video is a life saver. Sometimes THM doesn't have things portrayed in a way that's easy for me to understand. You have helped a lot.

  • @tanawatmunmueang7924 3 years ago

    I used to watch your videos when I was 14, learning how to make games in Python. Now I am in uni and here you are with your amazing videos. Thank you!!!

  • @HabibsWorld96 3 years ago

    Thanks & respect John! I'm a newbie from Bangladesh💓💓

  • @FernandoGonzalez-kc2vl 4 years ago

    Ok I'm addicted to this channel. Good work! Greetings from Argentina

  • @mattstorr 3 years ago +1

    I know this is an older video, but the difference between this and your latest ones is that you take more time in the later ones. You zoomed through this at such a pace, wildly alt-tabbing between pages, that it was (at times) difficult to follow. I found myself having to constantly stop the video and try to work things out by looking at the image rather than listening to your voice. Still, learnt something I didn't know, so keep up the great work :-)

  • @realkiddshady 4 years ago

    Another great video John. Thank you.

  • @kinjolnath 4 years ago +3

    Thanks John. Looking forward to more live streams (:

    • @_JohnHammond 4 years ago +1

      Hoping to do more on the weekends! Thanks so much for watching!

  • @jamesfinlay1364 3 years ago

    Keep up the great work man. I just subscribed to tryhackme with 0 experience and I’m loving the website.

  • @johnhack67 2 years ago

    Hey John. Fantastic work mate.

  • @Gormlessostrich 3 years ago

    Thanks, John!

  • @haraprasadghosh6866 3 years ago

    Sir please explain the buffer overflow practical for the OSCP simple and easy techniques.

  • @راميابراهيم-ز9ن 4 years ago

    You're a king. Well played man!

  • @eklypzn 4 years ago +6

    I wanna see John dance to his outro music

    • @_JohnHammond 4 years ago +4

      Maybe in the 100k subscriber special? ;)
      Thanks so much for watching!

    • @chiragjogani3389 4 years ago

      John Hammond 100k subs done sir

    • @therenaissance8322 4 years ago

      @_JohnHammond you have more than 100K subs. When are you going to fulfill the promise?

    • @BrosBrainsBroke 4 years ago

      In @John Hammond's defence he did say maybe🤔🤔🤔😁

  • @GuideYeti 4 years ago +1

    I LOVE THIS GUY

    • @_JohnHammond 4 years ago

      I LOVE YOU TOO!
      Thanks so much for watching!

  • @ghadeeralhayek4373 4 years ago +3

    "I just hate doing algorithms" we all do dude

  • @Child0ne 3 years ago

    John, can you make a video on setting up your terminals and all your shortcuts and keybinds you use to maneuver around quickly? You are the only person that rips around terminals seamlessly, I would love to learn how to do it like you

  • @tristankeller7875 4 years ago

    John "HAMMER-TIME" Hammond!!! Luv ur stuff! lol n applause! tnx 1000 for entertaining with your amazing skills!!

  • @learntechnos4629 4 years ago

    I got a problem in a site I'm working on. I can view all files in all directories, but cannot read them. Can you help me on this?

  • @khalidaldrouby719 4 years ago +1

    Keep up the good work!

    • @_JohnHammond 4 years ago +1

      More on the way! Thanks so much for watching!

  • @ozgunozerk334 4 years ago

    Hello John! Why did the website load after the aggressive nmap command, and why did it not load before? Any ideas?

  • @adhishrikothiyal.dreamz 2 months ago

    Can anyone share link to this lab? I am unable to find it.

  • @MatteoGariglio 3 years ago

    Hi John (from the future), I love watching/learning from your contents! What is the actual code inside the script: stabilize_shell3 ? Cheers

  • @viv_2489 3 years ago

    You are awesome 😀

  • @HabibsWorld96 3 years ago

    At the last part, I heard background music, tell me the name plz😅

  • @MrPiks0u 4 years ago +1

    I tried to LFI user.txt and root.txt from the webpage.
    Both worked... because root is running flask

    • @_JohnHammond 4 years ago

      AHAHAHA THAT is AWESOME, good call! I should have tried that! Thanks for watching!

  • @sand3epyadav 3 years ago

    You r my fav teacher

  • @westernvibes1267 4 years ago +1

    Cool, how did you make that stabilize shell bash script tho?

    • @lordtony8276 4 years ago

      He's got a video on his channel that's called "poor man's pen testing" or something along those lines where he shows how to do that bit.

  • @ashaak1863 4 years ago

    Dude the shell stabilize script is awesome. Mind sharing? I always do it manually :D

  • @PC-fe1pf 4 years ago

    Bro, I have a question if you can answer it. Did you use xdotool for your shell stabilizer? If not, how do you background the shell from a script?

  • @shivangraina9698 4 years ago

    Great video John.. btw can we do this challenge by tampering ssh log files to get rce?

  • @data_eng_tuts 4 years ago

    I am facing the same issue while accessing the machine IP via web browser. Any suggestions?

  • @minecrero 4 years ago

    Hey John! While watching your video I noticed how you stabilized your shell. How do you do that? Is it a precoded script of some sort?
    Great video btw, keep up the good work

    • @minecrero 4 years ago

      @Antony Niyazov I'm not sure I completely understand, but thank you, I will try it

  • @surenavdalyan6036 4 years ago

    Hey John, can you plz provide Stabilize_shell2.sh, Stabilize_shell3.sh? How is it written?

  • @claudiafischering901 3 years ago

    Hey, I like your CTFs. I found it too, but you don't need a reverse shell. The webservice runs as root, so you can find the flags only by URL. ^^ Funny. But never ever run a webservice as root. NO GO!

  • @d4rkytff114 2 years ago

    What is the version of your Ubuntu OS?

  • @ChaoticVengace 4 years ago

    Hey John! Love the videos and the KOTH live streams. I'm still a beginner in this field and one of my biggest problems I think is taking good notes. I love that you write a README for every box you do, but am having trouble making my own without just trying to copy you. Could you possibly do a video on how to take proper notes and writing up a box? Or would you have any quick tips? Hope everything for you is well :)

  • @jakemcneil9887 4 years ago

    What do you mean by stabilize the shell?

  • @neilthomas5026 4 years ago

    Very cool as always :)

  • @samuelwittlinger7790 4 years ago

    Where can I find the script to stabilize the shell?

  • @CyberTron_SnakeTomahawk 4 years ago +1

    Hey John this “stabilize_shell” do you use “rlwrap + netcat”?

    • @afetodefato1436 4 years ago +1

      github.com/JohnHammond/poor-mans-pentest/blob/master/stabilize_shell.sh
      See if it helps you
      And he has a video on YouTube explaining how it works too

    • @EndisuKKJJ 2 years ago

      @afetodefato1436 thanks 🦆🤝🏻🦆

  • @HelloImCrimson 4 years ago

    Is there a video of you doing like a really really hard hack, the type that makes you think for a while? If not, make it lol :D

  • @multifriendproduct 4 years ago

    Link for stabilize shell script?

  • @petrovasyka8 3 years ago

    Can we crack root hash from etc/shadow?

  • @faruky9197 4 years ago +1

    You're the man!

  • @zzsql 3 years ago +2

    This is really neat stuff but you blow through it so quickly, not explaining key elements, that the viewers will learn less.
    As with "Stabilize Shell" you did. No idea what you did there but it sounds important so I'll google it.
    We call them learning opportunities that you're missing.
    Otherwise, awesome.

  • @saadhith 4 years ago

    I think it's low-key to ask this. But what is John's outro song name?

    • @_JohnHammond 4 years ago +1

      That is Lost Sky - Fearless. The artist used to be called TULE, but you can find them by "Lost Sky" now. Thanks so much for watching!

    • @saadhith 4 years ago

      @_JohnHammond I'm seriously happy that u replied dude. U r doing a great work. Nvm those ip errors, typos, and stuff like that. It's kinda fun in this serious thing. Thanks a lot for the efforts u put in doing these vids to help beginners like us to learn new stuff. ❣️

  • @kairavb 10 months ago

    I prefer quality

  • @Mindflayer86 4 years ago +3

    Why on earth are you taking notes? -You literally made a complete video about the entire process. xD

    • @ozgunozerk334 4 years ago

      He likes his stuff ordered, nice and clean maybe?

    • @megvmean 3 years ago

      You should always do this. It's good practice.

  • @davidmacon1138 1 year ago

    This is a video that ASSUMES a lot of those that view. Not a good resource for newbs

  • @wize7475 4 years ago

    Is it weird that I got into hacking like a week ago and I've watched like 15 of your videos already?

    • @cristhianz91 4 years ago

      How is it going for you? Are you subscribed to try hack me?

    • @wize7475 4 years ago

      @cristhianz91 Not yet. Right now I'm just trying to understand the basics, learn about the tools etc. But I think it's something I want to progress on. Watching John use the tools also gives me some understanding about them.

    • @owendmartin 4 years ago

      You should also look at some of John's CTF (Capture the Flag) videos for good byte sized, digestible information. Also you can look up some well documented Archived CTFs (ie PICOCTF or one of google ones) to get some hands on practice. (shameless plug) Also check out his Discord. Lots of smart people there who are also interested in this sort of thing. ;)

  • @reneshraghu3172 4 years ago

    nice bro

  • @rajeshwaris6663 4 years ago

    which python or which python3

    • @_JohnHammond 4 years ago

      Yup, I suck bahaha. I'll try and remember to go for that next time!

  • @ca7986 4 years ago

    ♥️

  • @annafan83 4 years ago

    Moar!! :3

    • @_JohnHammond 4 years ago +1

      More coming up! Each Tuesday and Thursday this month! Thanks so much for watching!

  • @MOSTIE100 2 years ago

    nice....

  • @dopy8418 4 years ago

    Hey John, telling you as I watch your videos a lot to learn. I watch them hitting pause and rewind constantly. You look kind of tired and indifferent on that one compared to earlier stuff. Careful with that. You might wanna do a little less but keep’em motivated.

    • @_JohnHammond 4 years ago +2

      Good to know, that is good feedback, thanks for letting me know. You can tell by the lighting and the colors in this video that it is pretty late at night, and there are even some flops in this video since I had some left over stuff from the other one. I'll try and do better to pace myself, especially the VM starting up and the OpenVPN nonsense. Thank you for the constructive criticism -- and thanks for watching!