Filter Evasion in a REVERSE SHELL (no spaces!!)
- Published: 30 Jun 2024
- j-h.io/plextrac || Special thanks to PlexTrac for sponsoring this video -- try their premiere reporting & collaborative platform in a FREE one-month trial! Spend more time hacking, and less time reporting 😎 j-h.io/plextrac
00:00 NahamConCTF The Space Between Us
02:32 NahamConCTF 2022
03:41 Demo Begin
07:50 Server code
10:51 Getting a reverse shell
14:54 pyminify
22:39 Finally got the shell!
28:15 Final Thoughts
The amount of knowledge that John has is unbelievable; I hope that someday I have that amount of knowledge as well. Also, John's organization and multitasking skills are insane.
I came here to write this same comment. I didn't know you could do this to passwd
You should actually check out OALabs, this very kind guy with his community is DIE HARD. His core business is malware analysis and reverse engineering, but he knows tons of stuff and all the newest, funniest memes. You won't regret it
@boogieman97 what, for real? I didn't know about him. Let me check it out. Thanks for the info
@MygenteTV yes, OALabs is very underestimated!!! But a real 'hidden' gem
@boogieman97 thanks
Ahh, classic JH Speedrun. 🤣 Joking aside, Love the long form videos where we can watch you struggle. Seeing the thought process is so helpful
All of my videos are 1000% perfect and I make no mistakes at all, ever.
@_JohnHammond you're the greatest of all time
Thank you John, I have been subscribed for a while, but not till recently have I really come to find so much value in every one of your videos, big respect. Thank you.
I have a coworker who talks just like you. I work in a SOC and he talks about how "garbage" elastic is.
This whole video was just showing off your old github repo. Nice one!
Cool, I learned some new things. Thanks
Sir, I like the way you are so swift while doing your hands-on implementation; besides that, your explanation is extremely intelligent. I wish you could guide me on books you could recommend to me so that I can be like you.
An easier way to kill the root passwd entry would be to use sed inline: `sed -i 's/root:x/root:/g' /etc/passwd`
I am shouting at the video, "exec takes a string!", which is making me frustrated, but also smart. Thanks!
The beats on that PlexTrac ad though 😅
love this kinda video
awesome video good job
Amazing. 🎉
You could have used __import__('os');ifs=os.getenv('ifs');
So cool!
Nice 😎
Cool video as always. Good job john
Amazing
Thanks Mr Hammond, if you can, do a video explaining how you made this challenge
I've made a similar CMD challenge with some more bad filtering, and submitted it to my friends; they can't get their heads around it! 😈
ly john
ly 2 rye
You can even check the Linux version and exploit it easily if there was a vulnerability in that flag system
You might not be able to use vim in visual mode, but you could use vim in ex mode like a real hacker ;)
I was expecting you to use Villain
🤯
15:14 why try to put $var in a single-quoted string? Put it in a double-quoted one!
love how there's a challenge called "dont hack my d"
20:10 uhhh, I'm new to IT, but I think you put an extra ")" in the last part of the line
20:15 maybe it's a trailing newline but presets
hey John, ever heard of this behaviour before?
when I cat a file in bash, I get the output of the file, but after this finishes printing to stdout, the keyboard buffer gets flushed to the command line with GUACAMOLE displayed as if it was a command to execute
some sort of weird buffer overrun? ROP to type that into the input buffer? I'm at a complete loss to explain this
This is not related to any buffer overflow or anything; this is just the stdin buffer that spits back to stdout, nothing fancy. This is most likely a file too large for cat to process into memory. To me it sounds like a failover action, which is quite normal behavior
I'm lost, so if you put a space in the command line it runs a Python?
the reason the first python attempt failed is likely because of single quotes, they act like raw strings in python, so no variable substitution occurs
might be wrong tho
6:34 random oof
The algorithm brought me here. I got a hell of a rootkit, had some sort of a digital demon spawn with a photo.exe / shortcut virus, and none of my anti-virus programs can get rid of it, so I guess I'm learning to computers now. I can send you a file or USB or something lol. Mostly kidding, but can anyone eli5 or point me the way?
Zip up the file with password "infected" (if you can) and send it to the malware submission link in the description!
What I have noticed more and more in recent years is that "hacker influencers / cyber security influencers" are increasingly commercializing the scene and making the greatest possible profit, and it is no longer about the true art; everything is somehow related to money. You are told that you have to buy some courses to learn. Somehow I don't feel that way. I mean that in general terms and not aimed at John directly
I do hope that it rings true that I have not made any courses, and all of my content remains free and freely accessible. I do sponsored videos and run ads so I can continue this for the future, but at its core, my content is free. :)
@_JohnHammond why do you need sponsors who pay you thousands of dollars to keep making the videos? I could make the same kind of videos without having to sign advertising contracts with third parties. I even know some who do exactly that after their regular work, without product placement. I don't mean to attack you or anyone else in this scene; I just want to understand. I would look forward to an answer. If it is greed, I would understand the answer too.
@ahr0cdovlzk3my1lahqtbmftdw7 I wouldn't say that I "need" sponsors in order to keep making videos-- I would still be making videos without them, and the channel has been active and producing content for the first whole 10 years of its existence without any sponsored revenue. I certainly know other creators that aren't sponsored just as well, and I'd still encourage anyone to make videos with or without sponsorship. It's all about the passion and love of learning. Even without revenue, I would still be making videos. So I'd ask back at you, why do you do what you love to do? Why do you make money? Support friends and family and yourself? If you can be paid to keep doing what you love to do, why not embrace that opportunity, and do what you can to provide for your loved ones AND fulfill your passions at the same time?
@_JohnHammond excellent response!
I'm not a Linux pro, but I *do know* that IFS stands for Input Field Separator.
There's a lot of confusion on the internet about this, but from the bash man pages: "IFS The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is ``<space><tab><newline>''." You can check this by going `man bash` then searching for IFS.
OK, I didn't understand. He created a fake shell with Python, but at the same time he was able to get environment variables from Linux; am I misunderstanding something? I don't even know whether this doubt makes sense
He is getting the input from the user and then removing spaces, tabs and newlines and then passing that to subprocess.Popen(), which will just run any commands you give it, and then it returns the stderr and stdout to the user connecting to the service.
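The mechanism described in the reply above (strip whitespace, then `subprocess.Popen(shell=True)`) is a blocklist, and the IFS comments further down explain why a blocklist does not help once a shell re-parses the string. The following is an added example, not the challenge's or John's code: a constructed stand-in for that filter next to a hardened form that never hands user input to a shell. It assumes an `echo` binary is on `PATH` and that the service genuinely only needs to run a few fixed programs (the `ALLOWED` set is a hypothetical allowlist).

```python
import shlex
import subprocess

# Constructed stand-in for the challenge filter described above: whitespace is
# removed and whatever is left would be passed to a shell with shell=True.
# The string "cat /etc/passwd" becomes "cat/etc/passwd", which looks "blocked",
# but the shell still does its own word splitting (on $IFS) on anything it
# receives, so the filter only stops the literal characters, not the behaviour.
def strip_whitespace_filter(user_input: str) -> str:
    return "".join(ch for ch in user_input if ch not in " \t\r\n")


# Hardened form. Parse the input as argv with shlex, check the program name
# against an allowlist, and run with shell=False so no shell ever sees the
# string: $IFS, ;, |, > and backticks are then ordinary argument characters.
ALLOWED = {"echo", "date", "uptime"}   # hypothetical allowlist for the service


def validate(user_input: str) -> list[str]:
    argv = shlex.split(user_input)
    if not argv:
        raise ValueError("empty command")
    if argv[0] not in ALLOWED:
        raise ValueError(f"program not allowed: {argv[0]!r}")
    return argv


def is_rejected(user_input: str) -> bool:
    try:
        validate(user_input)
    except ValueError:
        return True
    return False


def run_allowlisted(user_input: str) -> str:
    # argv is passed as a list; the kernel execs the program directly, so
    # "$HOME" arrives as the literal string, not the expanded variable.
    argv = validate(user_input)
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return proc.stdout


if __name__ == "__main__":
    print(strip_whitespace_filter("cat /etc/passwd"))   # cat/etc/passwd
    print(run_allowlisted("echo $HOME"), end="")        # $HOME (no expansion)
    print(is_rejected("id"))                            # True
```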
Feedback: Not really too big of a fan of the sound effects and stuff in the video.
Idea: Could you maybe do a video on that subprocess.Popen(shell=True) thing?
Super appreciate the feedback, huge thanks! Are there other sound effects that would fit better, or just "don't use any sound effects at all"? And what other "stuff" do you mean by "stuff"?
I can certainly try to put something more formal together on subprocess Popen!
@_JohnHammond "Stuff" was referring to the visual effects that accompany the sound effects, and the random text and images that pop up on screen sometimes.
Like the X that goes with the buzzer sound or the random wastebasket emoji and one liner jokes in text that visually popped up.
For the content presented I would prefer no sound effects, because I feel like they don't add anything useful (or even entertaining in my opinion) to the video.
I think sound effects should be used when appropriate, and sound effects like that ROBLOX "oof" sound shouldn't be forced into a video that seems to be more focused on education than entertainment.
Educational content should probably be optimized for educational value rather than entertainment value!
Audiovisual effects are probably best used for emphasis, so if, for example, you add an infobox when presenting a bit of information, you could add a sound effect for that infobox appearing (and disappearing) to give it some emphasis and make it feel less empty (this is why people tend to play "woosh" sound effects when using fly-in text, for example)
As an example for such an infobox, you could use one to explain the command line flags you use in the recording for common commands like nc and nmap, so people who know how it works can look past it and just watch the video continue, while the people who don't can read the relevant information.
Such an info box could also be made full screen, which is best accompanied by voice over in my opinion - you could explain something like normal in the live recording, and then you could add a temporary full screen visual explanation of what you are talking about so people don't stare at a static command line while you talk - this should also help with keeping up video engagement. (So it might be worth trying out- even outside of the ad reads where you already do something similar)
I think that's enough rambling from me, I ended up going on for too long about this infobox while that was actually supposed to be about the sound effects...
Apologies for the huge text dump 😅
@centdemeern1 Nothing to apologize for, this is great constructive criticism -- huge thanks! We'll think more on sound effects or visual effects and try to find a better balance on educational vs. entertaining. Very good to know when we miss the mark, though, and can course-correct. Thanks again!!
@centdemeern1 Woo, hold up! Relax; as long as you are getting the whole content right, be chill and appreciate... Shouldn't you be focusing on the content or something like that rather than minute details, when the content is top notch?
@ewaat well, I've been watching John's videos for a while and he never had these sound effects; they suddenly got added
Medium difficulty. oof.
These videos would be so much easier to sit through if you got rid of that loud distracting noise.
Which noise?
@nordgaren2358 The one in the introduction.
@aidancollins1591 you mean intro music?
@nordgaren2358 I wouldn't refer to that as music, but yes. Just him talking would suffice.
24:39 you could've just used `sed` or something: `sed -i "/^root:/ s/:x:/::/g" passwd`