HackTheBox - "Remote" - Umbraco & Windows

"All the interesting stuff is seemingly just me." - John Hammond, 2020.

I am 13 and I learn so much from you!!! Keep it coming!

I just love to watch your videos. It's because of you that I got to learn many new stuffs. Thank you very much. Plz keep posting new videos and also do suggest new tools and new methods to tackle situations. Lots of love from India 👍😍❤️

grandma approved

for a long time i've been scared of touching ctf for the complexity and stuff but for real you are amazing and you opened my apetite for this , so thanx a ton

I'm happy you're doing these again :)
Maybe I can catch the stream

Very cool box this one. Thanks for the good explanation! Keep doing these.

This is such a satisfying video to watch ... thank you ...

Pretty excited to see your approach especially the priv esc part. I did the lazy way of team viewer.

Nice walkthru - I missed the Teamviewer/Win-rm stuff when I did this one and escalated with 'Invoke-ServiceAbuse' (after an unplanned KOH with someone else trying to do the same ;-) )

again a great video by john..keep up the good work 👍

Amazing! Thank you John!

Vibing to the RUclips premier music a minute before it plays

wow, that's scary. Thank you for the video! Learned a lot from it!

Hey John, pretty excited... Love your videos 👍

amazing skills, thanks for the videos

Awesome content by the way...I'm a huge fan!!! kudos!

Thank you For Awesome videos

Awesome as always!

Great I always lear something new evry watch ur vdio

I know you tried zsh at one point, did you not enjoy that shell experience? Another good video big guy, thanks for sharing your experience with the community.

right when you said Acme I knew it was some wild e coyote shenanigans

When you put the playback speed on x2 and can see into the future

I've pleaser to watching you hacking stuff, thanks a lot.

That machine was really fun to play with

good time! enjoyed

45:38 It's funny that John didn't realise that when he used DIR, the length was showed automatically :)

Pleaseeee bring your videos daily...❤

Very helpful, 39:48 now I know how can you upload a shell without blocking.

Hey brother your videos are awesome!!

John love your video. keep it up. Unfortunately bunch of the machine you have done seems to be retired. Cant find them on the site

Little did he know, `cURL` comes with modern windows 10

You could have connected via teamviewer if you had the teamviewer id. This id can be obtained from the windows registry if your IIS user was able to access it. Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer Key: clientid

Hey,
I need to understand, if u could run that revsehll from the beggining, so why didnt u go for it?
There is a special requaierment to that revshll cuz it looks it is gonna work on any windows pc...
Ty very much! Hope you will answer me:)

happy funky Friday is funny because Im looking this at a friday

Does anyone have a nudge for TypeError: 'NoneType' object is not subscriptable? I used the exploit from the github repo with the requirement.txt file. Used quotes for url like the readme. Probably a connection problem? The script will also complain when there's no args input -a for -c ipconfig or other one worders. Any help would be great

Dude i love you

You're a beast!

"I know it's just an easy box" he says..

I think you couldn't scroll back when enumerating with winpeas, since terminator has a default scroll back history. You could disable that for "infinite" scrollback

OP

How do you get into a win 10 then with Windows antivirus active? (So wanna hop into my brother's machine, just to see if I can)

Intresting

Cool!

9:00 Can you provide a link to that "batman" bash extension? I can't seem to find it.

umbreako, umbraco, hahaha JIF, GIF, made me laugh :)

what do you think about parrot os? would you like to do a ctf on this os?

I love this video 🤩 😍💖💖💟 please make more this type videos big fan sir from India

John. It is pronounced as “umbraco” and “gif”
PS: awesome video, as always!

Okay using win-rm i have issues getting the rubey gems file to install....you should do a video on install at least

hey john, cronos box in HTB is retired now can you do video on that. ?!

keep it up love from iraq ♥️

on your video, did you overlooked the gobuster output for "install" giving you a status code of 302? This usually contains juicy information.

When your enumeration skilz become parallel enumeration. New CTF challenge using your microphone to enumerate through all the pronunciation possibilities of your scripting toolz until the interpreter spits out the flag 😁

how can i join your discord channel i ran $verify but its not working any help???????

Can you help me with an exploit on windows10 through open port 6881 which is the BitTorrent server open port.

"RUclips Algorithm stuff"

Nice Video 👍🏻
Do you work on a virtual Maschine ?

On a actual system you Won't be able to use msfvenom or metasploit. How do I do such things John?

When you said "GOOGLE MAPS" it closes out of RUclips and reopened the Google maps app

Nice

Do you have any more tips for becoming a specialist in cybersecurity

6:00 "The holy words" 😆

Cool.

Wha keyboard are you using? It sounds really great.

John! Are you working on a special Linux distribution or is it just simple ubuntu with tools installed?

Umbra co
um-bra-co, bro.

Hey sir what didn;t u use wmic.exe to remote code exexute

Bro I love your work but please your too fast. Some explanations needed on some tools used. But Otherwise I love your work. Your a great person

Do you use another terminal like "Terminator" or it's just color scheme extension ?

# Nice, keep it up 👍🤩

19:47
this code is offensive to python

0:15 I can relate bro :{ LOL

12:50 uhhhhh that's not a "quick snapshot"

Ubuntu or Kali Linux?

I think the metasploit exploit failed because the base dir was set wrong

You didn't even migrate your meterpreter

Do you follow ippsec? Because this isn't the first time you posted the same htb bix at the same time 😜

"youtube algorithm"

I still trip out on how these are "easy" machines...should be medium at the very least.

My issue with all these CTF's is, rarely does any of that work in a real world pen test, especially when you are given 40 hours to test a network, not just 1 machine. and dirbuster? in 15 years its not come in handy beacuse, REAL COMPANIES DONT USE WORDPRESS lol

花儿都等谢了

Am I the only one here where all the exploits don't go well? I even finished this box with the Burp suite 😑😕

hey

you are the exploit bruh !

do you know ippsec?
lol - looks nearly a 1:1 copy of it. 🙊

I have a idea look at my identity there will be a name to give them that Will help you know me from them

Silly comment for the algoritm

tu fast thats why you dont aprove de cert

it's pronounced umbraco

16th comment 1,367th view

Lol "easy box"

You're not that good but you can hack teh box

*Generic silly comment*

Hey John can u take a look on WWBuddy at tryhackme ?

The abstracted theater basally pat because lyric disturbingly preach during a curious blood. ten, nebulous rainbow