Did I fail to mention I spent most of the week struggling on this one during the contest?? I am on 1st name basis with all the animals on the site!! BTW, please, what is the Firefox extension you use in tool menu that drops down and shows you the site cookies?? Gotta get that tool!
Man that was impressive! I will definitely study this video a lot more, to get a better sense of how to interact with a remote server like this! Thank you for sharing!
I was watching one of the old vids where there was more light and the cam was closer and I just noticed how beautiful jhon is. You got a life dude try to keep it
50:13 John: I dont think that was too awful Me: It would have taken me yearsss !!! LOL - As always great xploit. Keep the good stuff coming. Hope you win the raffle !!
The first searchsplit script was making the request via POST. When you tried to see if the path exists, it was a GET. Not sure if using POST would've worked, but it's possible that the request path 404s if it's not a POST.
Thanks for uploading this video, John! I learned a lot from it. Unfortunately I wasn't even able to get the first flag. That made me feel really bad :( Maybe I gotta try harder
@@cuttlefishn.w.2705 I'm afraid this wouldn't have worked in this case because I got stuck in the /etc/hosts part. I didn't even know that was necessary to proceed with the CTF. I was trying to exploit the main subdomain, using its IP address
I use Terminator, and have the keybinding hotkeys so Super+Right will split vertically and Super+Down will split horizontally. Very convenient for just jumping into a new shell in the same current directory :)
One more comment then I'm out of here lol but I am currently trying to learn how RSA works and how I can decrypt it effectively to complete some CTF's but i am finding it incredibly difficult to learn. Would it be possible for you to make a tutorial on how to get around these types of things using python etc.
About ngrok, I think the only reason it didn't work is because the outbound traffic to the port created (11559) is not allowed by the box. I may be wrong though
Is there a way to specify the installation directory of Programms with the standard apt-get packet manager? Like you with all your tools in one folder /opt
How do you determine what's considered "cheating" when the game is hacking, i.e. unauthorized/roundabout access to information? Apparently searchsploit's on the table, how about prior writeups?
I trying this room and i am successful uplod the shell but i dont know why my reverce connection of net cat is not get back i also try with ngrok but still not working pless help me
Hello sir I am also interested penetrate testing but sir I have little bit confusion when I play start CTF on try hack me platform. Many of concept I never be familiar with them so it makes difficult to solve so sir you have resources which can help us plz tell and If you make the videos on pentrate testing concept which things exactly to know for beginners it's very helpful And what to do when we stuck ? And I solved blue machine (tryhackme) by taken reference from your video
Great video, as always. Just a little comment about python, becuase this seems to be a really common misconception I've found in thousands of scripts out in the wild. You don't really need to `str.join(list(generator))` You should instead just `str.join(generator)` (x for x in y) is a generator, and it does not need to have parens around it when already enclosed in some (as it is when it is an argument): ``` In [2]: (lol for lol in 'lalala') Out[2]: In [3]: def lol(a): ...: print(a.__class__) ...: In [4]: lol(a for a in 'lol') In [5]: lol((a for a in 'lol')) In [6]: lol(((a for a in 'lol'))) ``` I mean `" ".join(lol for lol in 'lalala')` works, you don't need to create the intermediate list `" ".join(here->[lol for lol in 'lalala']
Nononono. You aren't aware. This giveaway is not by John Sir... There is a room on TryHackMe Called Year Of The Jellyfish. The rooters of that box are participating in the giveaway. It's gonna end soon.
Hi sir, you should use clipboard extension to have your copy paste functionality more fast , btw im your big fan , your videos are awesome . Hope to meet you one day. Love from india🤗🤗
The room does not look hard as before advertising the Ctf. It's a really easy one not so much tough Thanks by the way because I was also stuck on the back connection but my scenario style is different.
yo frick muiri! this box was harder than anything that’d be on oscp. i’m so sick of being made to doubt my readyness for it because of this kinda shit. and the oscp itself isn’t even a fair representation of what any netsec job would entail. ctfs are literally cancer.
![Felix "Unfair" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/Oswujxm2Ag0/mqdefault.jpg)
Videos of you solving challenges with no fore-knowledge of the box are the best. Please do more of these.
bro its fake ,he must have done this 100 times before start recording lol
The "stabilizing the shell manually" part was awesome!
What an amazing journey. Totally enjoyed the raw experience. Keep uploading John. JohnHammond's video = Motivation.
Oooop we almost, very almost, had a swear in there haha!
21:12
What? FUCK?
Not almost, we did have one, quietly. At least I heard him swear when he said it the second time.
John Hammond "You are an exploit!" - hilarious!!-another great write up and I was able to follow your steps and root it myself tonite- well done!
Did I fail to mention I spent most of the week struggling on this one during the contest?? I am on 1st name basis with all the animals on the site!! BTW, please, what is the Firefox extension you use in tool menu that drops down and shows you the site cookies?? Gotta get that tool!
editing that python script on the fly was definitely dope 🔥🔥
Mwana boka, du moins un congolais ici,j'y m'entendais pas
Man that was impressive! I will definitely study this video a lot more, to get a better sense of how to interact with a remote server like this! Thank you for sharing!
thanks john, the art of editing the exploit for foothold is really amazing
I was watching one of the old vids where there was more light and the cam was closer and I just noticed how beautiful jhon is.
You got a life dude try to keep it
Awesome!!
Was a pleasure seeing this
Glad your back to kind of content (HTB,THM). Keep it up.
Thank you John your going back and forth teaches me the many different ways to go after the solutions your looking for!!!!!!
It's insane how you make it "easy"... unbelievable! Super super interesting videos! Thanks
Really dope! Enjoyed this live a lot!
Just subscribed, you deserve a lot more of subs :)
50:13 John: I dont think that was too awful
Me: It would have taken me yearsss !!! LOL - As always great xploit. Keep the good stuff coming. Hope you win the raffle !!
The first searchsplit script was making the request via POST. When you tried to see if the path exists, it was a GET. Not sure if using POST would've worked, but it's possible that the request path 404s if it's not a POST.
I’ve learned a couple of things from watching this guy. The most important thing is to not mess with him
8:41 You are very funny 😂😂
i loved this. this was soooooo fun. i really enjoyed it. i love it. thanks john. :)
cool that was one of your best videos, please make more like this
He is better then my computer teacher 😂🤣
Wtf is a computer teacher
@@koreliusk Bruh
@@koreliusk in our country there are teacher/sir who teaches basics and above about computers. We (actually everyone) call them computer teacher/sir
Even I know more than my cyber-security professor lol..
Wtf 😂😒
Getting the foothold for this one was one of the most annoying thing i have dealt with.
I've completed the room :)
It was nice, for me it was a new concept
I have a chance at this! Here's hoping!
Gotta get all those jifs. Wouldn’t want to miss all those jraffics.
so was jellyfin just a rabbit hole?
Almighty Algo stuff!!!!!
That was freaking awesome
Thanks for uploading this video, John! I learned a lot from it. Unfortunately I wasn't even able to get the first flag. That made me feel really bad :(
Maybe I gotta try harder
After an hour or 2, go out for some fresh air for about 5 minutes, brainstorm, and come back googling whatever you came up with.
@@cuttlefishn.w.2705 I'm afraid this wouldn't have worked in this case because I got stuck in the /etc/hosts part. I didn't even know that was necessary to proceed with the CTF. I was trying to exploit the main subdomain, using its IP address
@@AUBCodeII That suggests you shouldn't be doing rooms with "hard" difficulty yet.
@@bmbiz oh that was a room with "hard" difficulty? I didn't know lol
@@AUBCodeII 😀
great video as always! :)
29:44 that moment xD
What happed between 29:43 - 29:56 ?? What you were thinking ??
Let's goo! Love this
thank you for the video , it helps me a lots to improve my skills
Peculiar
🏂Like always, the most Top on the field!!☕
i have watched so many of johns videos. really started to respect him... untill 1:15 ...it is a sad day... Pfft Jiff
Can someone give me the shortcut John is using to open a new instance of his shell please. Absolutely nothing I have searched gives me the answer lol
I use Terminator, and have the keybinding hotkeys so Super+Right will split vertically and Super+Down will split horizontally. Very convenient for just jumping into a new shell in the same current directory :)
@@_JohnHammond ah that’s awesome! Thanks for getting back to me. Awesome video by the way
I spent all the time to get foothold. no clue about privesc.. nice machine.
This was hard!
your the cream of the crop, John, very very good.
One more comment then I'm out of here lol but I am currently trying to learn how RSA works and how I can decrypt it effectively to complete some CTF's but i am finding it incredibly difficult to learn. Would it be possible for you to make a tutorial on how to get around these types of things using python etc.
Check out cryptohack, they have a pretty comprehensive series of challenges to learn this
@@xB-yg2iw ah you absolute legend! Much appreciated
@@xB-yg2iw wow it’s perfect just checked it out. Couldn’t thank you enough for this 👍🏼
20:11
SO THAT IS A USER IMAGE !!!!
About ngrok, I think the only reason it didn't work is because the outbound traffic to the port created (11559) is not allowed by the box. I may be wrong though
[SPOILER]
After rooting the machine, if you run the command "iptables -nL" you can check out the allowed ports: 443,445,80,25,53
How did he "stablize the shell", he has done it like multiple times, but I have no idea what he does
Ah a shrek reference a man of cloture 👌
what's the song at the end of the video?
Is there a way to specify the installation directory of Programms with the standard apt-get packet manager? Like you with all your tools in one folder /opt
I guess you wouldn't need to use ngrok, since ur in THM VPN connection... cool video @John Hammond
everytime I run the exploit for monitorr it's giving me a " is not an image". Its like it's not uploading anything at all???
Nice Job
Love watching these. Have no idea what’s going on. All seems wayyyy to hard
Like your videos maybe you can do a easier one and Chyna do a walk-through explanation of what you’re doing and why like so much
How do you determine what's considered "cheating" when the game is hacking, i.e. unauthorized/roundabout access to information? Apparently searchsploit's on the table, how about prior writeups?
jif is wrong, Gif! it's a G
3:15
You are inside a VPN, how your ISP will know that you are doing an Nmap scan?
This box uses a public IP address that is not within the VPN.
PLEASE make a video how to install sublime in linux i am unable to install sublime text editor
l love you john you are the best :)
youre so awsome
I trying this room and i am successful uplod the shell but i dont know why my reverce connection of net cat is not get back i also try with ngrok but still not working pless help me
can I ask to teach the Termux application?
- _That should request the page!-
Yes, if only you had edited both requests to use the same path.
What computer set up do you use John ?
Great content again. Thank you John for this. Really cool stuff.
Bro thus room was very hard
Trying to join your discord, but can't seem to get the link to work :(
Every time I get blocked for reverse shell i use 53 port so that can bypass firewall and so i can have shell give it a try !
what is ur os?
Hello sir I am also interested penetrate testing but sir I have little bit confusion when I play start CTF on try hack me platform. Many of concept I never be familiar with them so it makes difficult to solve so sir you have resources which can help us plz tell and If you make the videos on pentrate testing concept which things exactly to know for beginners it's very helpful
And what to do when we stuck ?
And I solved blue machine (tryhackme) by taken reference from your video
What OS you are on?
hey, would you try analyzing RotaJakiro linux malware next?
I would be interested in this as well!
what is updog
Great
Alistair the Alligator is legit
What's updog?
Did this exceptional specimen say... jif?!??
Why does it sound like John has a 75 character password.
i made a python module to do my math homework for me but watching you do all this is making me feel just a little unintelligent
what OS does he use?
Ubuntu
Great 🔥😍
Ok nice
Great video, as always.
Just a little comment about python, becuase this seems to be a really common misconception I've found in thousands of scripts out in the wild.
You don't really need to
`str.join(list(generator))`
You should instead just
`str.join(generator)`
(x for x in y) is a generator, and it does not need to have parens around it when already enclosed in some (as it is when it is an argument):
```
In [2]: (lol for lol in 'lalala')
Out[2]:
In [3]: def lol(a):
...: print(a.__class__)
...:
In [4]: lol(a for a in 'lol')
In [5]: lol((a for a in 'lol'))
In [6]: lol(((a for a in 'lol')))
```
I mean `" ".join(lol for lol in 'lalala')` works, you don't need to create the intermediate list `" ".join(here->[lol for lol in 'lalala']
9/10 likes
1 down because you missed to rename the extension on rev-shell script 🤪
Love your videos ❤️
I'm waiting for zeus 😐
ooknib and ogwxxb collab when?
Pretty easy for a contest
cool
I want to get this :)
Oh Jesus, this is a big giveaway, and I really need this😛
Nononono. You aren't aware. This giveaway is not by John Sir... There is a room on TryHackMe Called Year Of The Jellyfish. The rooters of that box are participating in the giveaway. It's gonna end soon.
@@PreetisKitchenltr yeah
man how do you even cheat in these boxes?? lmfao
Hi sir, you should use clipboard extension to have your copy paste functionality more fast , btw im your big fan , your videos are awesome .
Hope to meet you one day.
Love from india🤗🤗
Desafio muito bom, mas dificil
🤩🤩🤩🤩🤩😍
Wee
I need it ...
The room does not look hard as before advertising the Ctf.
It's a really easy one not so much tough
Thanks by the way because I was also stuck on the back connection but my scenario style is different.
♥️🇮🇳 pretty cool and knowledgeable !!!
yo frick muiri! this box was harder than anything that’d be on oscp. i’m so sick of being made to doubt my readyness for it because of this kinda shit. and the oscp itself isn’t even a fair representation of what any netsec job would entail. ctfs are literally cancer.
Please don't make things so big, zoom out a bit