Excuse my language but who the FUCK disliked this upload, its very upfront and show cases simplicity in privilege escalation. This video is very well done. Thanks John!
wget technique is awsome, i was struggling in CTF.Live in one of very similar priv esc challenges but missing password generation technique , great i learned something new.. Thanks bro
I am SO glad I came across this video. I didn't want to just get the root flag, I wanted to actually root the machine, but couldn't figure out how. Thank you so much!
are you using terminator? and if so how did you make it so colorful when you do ls -la and other things. the background for my terminator is completely black and I don't have any colors only white for text, green for executable files and blue for my path, also loved the video!
as a normal linux user, I thought it was impossible to put hashes in /etc/passwd turns out you just really shouldn't do that (that is, if you intend to have a secure system - obviously it makes sense to do it here)
l laughed when you found the ssh private key in the site map directory. It was so easy, the machine was literally begging to be hacked. I enjoyed the wget priv esc, dope stuff. I'm wondering, what if you hosted a bash binary on a web server, downloaded it with wget, set the SUID flag on it and executed it. I guess that would too.
Hi there. I recently came across this program and was wondering how to download saved reddit posts to my profile. Another way of saying this is: how do I download my saved reddit posts using wget?
hey John, thanks for this vid: it seems like there was some reason why you had to run your made up password through python's crypt.crypt function, could you tell me why that is?
I'm not 100% sure, but I imagine it's to deal with a common authentication practice. Developers hash plaintext passwords before account creation, so they don't store passwords in the open. When you login, the password you type will get hashed and then compared to the stored hash. With that in mind, he needed to hash his password before storing it in the file to account for that.
Seems kind of silly to have a password stored as it's own text file. Nothing says 'I'M A PASSWORD' like a string of random characters on a pedestal within it''s own private folder. What if, it was a second layer password? Meaning, if you use this one directly, you'll be taken somewhere else, but the real password had all the "E"s taken out. I know how primes work yes. It would be tough to extract a prime from within a prime, but still, how much longer would the hacker waste trying to verify the password he just downloaded was legit or not, if it gave him access to something totally unrelated?
I can connect to the tryhackme VPN and it shows connected, and I'm running just one openvpn process, but I can't access any of the machines I deploy. Even after 15 minutes. I can't even ping the machines. This has happened in 2 of the featured rooms so far. Does anyone else have this problem? What could I be doing wrong
Bro it turns out he uploaded the script to his github page. You can find it here ... github.com/JohnHammond/poor-mans-pentest/blob/master/stabilize_shell.sh
I use Terminator, and I can resize them with Ctrl+Shift+and the directional arrow key I want them to move in. You can do this with Tmux with Ctrl+B (or your configured hotkey) and the same keystrokes, I believe. Thanks so much for watching!
i will prefer to use tmux but if you like to use terminator use it but there is ways to do that right click on window it will show spliy vertical or horizontal
so around @11:00 I notice sudo cmd just goes through without any need for a password. It'd been a lot easier to just type in 'sudo su' and gain root then change passwords as please..
Instead if making a 15 min video acting surprised on your scan results, just make recording of you actually solving the puzzle. Your train of thought, seeing what doesn't work and rabbit holes are a part of the CTF process. And since you don't break down what you are actually doing or how you learned such techniques this comes across gross.
"That's not how you drink drinks"
- john hammond 2020
loved the root pwd overwrite technique!
Excuse my language but who the FUCK disliked this upload, its very upfront and show cases simplicity in privilege escalation. This video is very well done. Thanks John!
Thanks John. This was helpful. We learn something new everyday with you.👍
Great video again John!!! I didn't think about replacing the passwd file with our own. Cool solution!
wget technique is awsome, i was struggling in CTF.Live in one of very similar priv esc challenges but missing password generation technique , great i learned something new.. Thanks bro
I am SO glad I came across this video. I didn't want to just get the root flag, I wanted to actually root the machine, but couldn't figure out how. Thank you so much!
You're amazing..keep on going!!!
God, I love this guy♥️
That moment when the cute peas appears is priceless! Great vid as always, thanks John.
We love you man
Keep them coming
Thank you sir..Enjoyed Very Much
Bravo, master!
That was awesome watching you work kudos from Tea4Two
loved that privesc technique, awesome stuff, has always :)
loved how to typed the words..awesome technique
Nice Job Sir
Awesome video again. Thanks.
Awesome as ever thanks!
Amazing thank you
Very cool tbh, I would have never thought to change the password with your own that was very cool😂😂😍
Congrats on 80k!
Great video John, learned something new today :)
Learnt so much from this
This is what iam waiting for
What a great concept, love the vid:D
That was amazing !!
Please tell me your ring tone is the crescendo of the Jurassic Park theme song.
yay johns guna be on
that was actually tuff how long have you been doing this
Linpeas ..👌
that was useful thanks john
Using export for variables in the terminal.... why have I not done this year ago! Thanks
very cool
Loved it alot
Thank you. Probably I shouldn't allow anyone sudo without password especially with sort of wildcard command.
Nice john
are you using terminator? and if so how did you make it so colorful when you do ls -la and other things. the background for my terminator is completely black and I don't have any colors only white for text, green for executable files and blue for my path, also loved the video!
can you explain what was that "nmap/initial" you did there with other commands ??
-oN/-oX/-oS/-oG : Output scan results in normal, XML, s|
" Mkdir nmap/initial " makes a directory in the nmap folder called intial if nmap directory doesn't exist it creates one.
@@mccoysebrell630 thanks
Do you havr a video where you go over your note taking and subl?
as a normal linux user, I thought it was impossible to put hashes in /etc/passwd
turns out you just really shouldn't do that (that is, if you intend to have a secure system - obviously it makes sense to do it here)
I like the way you ended the video :P
l laughed when you found the ssh private key in the site map directory. It was so easy, the machine was literally begging to be hacked. I enjoyed the wget priv esc, dope stuff. I'm wondering, what if you hosted a bash binary on a web server, downloaded it with wget, set the SUID flag on it and executed it. I guess that would too.
I feel like i will never learn hacking even its my dream when i was a kid
Don't give up so easily man, try doing a lot of tryhackme rooms and you will see how quickly you can learn stuff.
@@jelluh24 thanks man i am now and i try to do some rooms and take notes and am learning with other friedns now
@@KIRANIUMR3D4 And? Are you still learning? How far did you come?
@@Juliana-mo7ef i became better it becamse clear to me that hacking is about learning every day and never quit
thanks bossman :)
Hi there. I recently came across this program and was wondering how to download saved reddit posts to my profile. Another way of saying this is: how do I download my saved reddit posts using wget?
Why you dont use wappalyzer ?
Thing, enter
♥️
What does he use to split terminals?
kinda neat to (nikto)
I thought passwords were in /etc/shadow but it can be in /etc/shadow too ?
hey John, thanks for this vid: it seems like there was some reason why you had to run your made up password through python's crypt.crypt function, could you tell me why that is?
I'm not 100% sure, but I imagine it's to deal with a common authentication practice. Developers hash plaintext passwords before account creation, so they don't store passwords in the open. When you login, the password you type will get hashed and then compared to the stored hash. With that in mind, he needed to hash his password before storing it in the file to account for that.
Nick Carter is correct. Linux stores passwords hashed, so it's not going to be able to handle an unhashed password in /etc/passwd.
Again a veryyyyyyyy noice video :-)
I can't find any access to sudo without password :(
guess my company's server is good enough
Seems kind of silly to have a password stored as it's own text file. Nothing says 'I'M A PASSWORD' like a string of random characters on a pedestal within it''s own private folder. What if, it was a second layer password? Meaning, if you use this one directly, you'll be taken somewhere else, but the real password had all the "E"s taken out. I know how primes work yes. It would be tough to extract a prime from within a prime, but still, how much longer would the hacker waste trying to verify the password he just downloaded was legit or not, if it gave him access to something totally unrelated?
I can connect to the tryhackme VPN and it shows connected, and I'm running just one openvpn process, but I can't access any of the machines I deploy. Even after 15 minutes. I can't even ping the machines. This has happened in 2 of the featured rooms so far. Does anyone else have this problem? What could I be doing wrong
are you using the openvpn client on windows? if so its much simpler if you use it on kali
@@jeromekim5856 I'm on Linux
John this is bad.
I came here to see, How to stabilize shell.
Bro it turns out he uploaded the script to his github page. You can find it here ... github.com/JohnHammond/poor-mans-pentest/blob/master/stabilize_shell.sh
Ninja
Where i can find gobuster tool please tell me
apt search gobuster
Jerome Kim thanks dude i appreciate it ❤️❤️
Can you please tell me how you can resize your tmux windows ?
I use Terminator, and I can resize them with Ctrl+Shift+and the directional arrow key I want them to move in. You can do this with Tmux with Ctrl+B (or your configured hotkey) and the same keystrokes, I believe. Thanks so much for watching!
@@_JohnHammond okk thanks , No thank you for making these awesome contents ! , upload more we are waiting 😁
hey can anyone tell me how he splits his terminal like that? terminator?
He assign a shortcut keys first in terminal preferences...
i will prefer to use tmux but if you like to use terminator use it but there is ways to do that right click on window it will show spliy vertical or horizontal
You can also split in terminator by default with ctrl+shift+E and ctrl+shift+U if I recall correctly
@@rattatteb Thanks Ill check it out
there's a few programs out there that'll do that, i use: tmux
Im new to all this and was wondering how you install kali linux
Try hack me web offers you (through paid suscription) a kali linux virtual machine so you dont have to install it.
you download the .iso from their website and burn it to a disk or a usb
In EU the load times are much faster :/
I should go switch to the new US OpenVPN server!
You look like burger planet
so around @11:00 I notice sudo cmd just goes through without any need for a password. It'd been a lot easier to just type in 'sudo su' and gain root then change passwords as please..
For people who are confused
This no password is just for specific commands
I lost it at plzsub, so i had to sub
Instead if making a 15 min video acting surprised on your scan results, just make recording of you actually solving the puzzle. Your train of thought, seeing what doesn't work and rabbit holes are a part of the CTF process. And since you don't break down what you are actually doing or how you learned such techniques this comes across gross.
I thought passwords were in /etc/shadow but it can be in /etc/shadow too ?