Bruteforcing MFA & Fail2ban Manipulation - TryHackMe! (Biteme)

  • Published: 15 Mar 2022
  • Go play the TryHackMe Biteme room! j-h.io/thm-biteme

Comments • 145

  • @quicksolution5881 2 years ago +18

    Hey! Lovely video as always. Just wanted to say, the part where the hash of the password has to end in "001" in order to be valid and you've found one to be "abkr". You overworked the code a bit... For example you could have just made a single for loop going from a number 0 to 10000000, every number to string and just hash that, much easier and way less code to loop through numbers than ascii characters. The one I've found is 5265 with its hash being 'f127a3f714240273e254d740ed23f001'.

  • @DerMichael 2 years ago +28

    I was able to follow pretty easily up to privilege escalation because of previous knowledge, but even the priv esc part was understandable because of your thorough explanations!
    Also loved to see that you actually took the time to code some brute forces (hash, code, and even directories (even though you didn't write the code yourself)). Sometimes it really does take some dirty, boring, and time-consuming work to get somewhere.

  • @rickyjenkins12 2 years ago +7

    Loving the videos, currently studying for a cyber security degree here in the UK and find your videos are helping me pick up additional skills that are useful for my course. Thank you John

  • @amodo80 2 years ago +13

    Fun fact:
    Because cryptographic hashes map evenly from all possible inputs to all possible outputs, it doesn't really matter what you're hashing.
    You could start at the number zero, take the hash from that and keep incrementing it by 1 until you hit your target hash. (or you could hash a random string/number every time)
    Because every hash outcome has the same probability to occur, (and all hashes ending in "001" also have the same probability) you will find your target hash just as quickly.
    Note: I converted the number to string here due to readability of the code. More straightforward computationally would be to simply hash bytes and increment those bytes until you hit your target.
    import hashlib

    i = 0
    while True:
        # Hash the decimal string form of the counter
        m = hashlib.md5(str(i).encode()).hexdigest()
        if m[-3:] == '001':
            print(f'the md5sum of `{i}` is `{m}`')
            break
        i += 1
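
An added example (not part of the comment above or of the video's code) that checks the claim empirically: it runs the same "001" suffix search over three input families and counts how often an MD5 digest ends in that suffix. The generator names and the 200,000-input sample size are choices made for this illustration.

```python
import hashlib
import itertools
import string

SUFFIX = "001"  # the digest suffix discussed in the comments above

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def decimal_inputs():
    """0, 1, 2, ... as ASCII decimal strings."""
    for i in itertools.count():
        yield str(i).encode()

def letter_inputs():
    """a, b, ..., z, aa, ab, ... as lowercase ASCII strings."""
    for n in itertools.count(1):
        for combo in itertools.product(string.ascii_lowercase, repeat=n):
            yield "".join(combo).encode()

def byte_inputs():
    """Raw 4-byte big-endian counters (the 'just hash bytes' variant)."""
    for i in itertools.count():
        yield i.to_bytes(4, "big")

def first_hit(inputs, suffix=SUFFIX):
    """Return (tries, input, digest) for the first digest ending in suffix."""
    for tries, data in enumerate(inputs, start=1):
        digest = md5_hex(data)
        if digest.endswith(suffix):
            return tries, data, digest

def hit_count(inputs, sample_size, suffix=SUFFIX):
    """Count digests ending in suffix among the first sample_size inputs."""
    sample = itertools.islice(inputs, sample_size)
    return sum(md5_hex(d).endswith(suffix) for d in sample)

if __name__ == "__main__":
    n = 200_000
    expected = n / 16 ** len(SUFFIX)  # 3 hex digits = 12 bits, so 1 in 4096
    for name, gen in [("decimal", decimal_inputs),
                      ("letters", letter_inputs),
                      ("bytes", byte_inputs)]:
        tries, data, digest = first_hit(gen())
        print(f"{name:8} first hit after {tries} tries: {data!r} -> {digest}")
        print(f"{name:8} hits in first {n}: {hit_count(gen(), n)} "
              f"(expected about {expected:.0f})")
```

Each family lands near 1 hit per 4096 inputs, which is why a three-hex-digit suffix constrains only 12 bits of the digest regardless of what is being hashed.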

  • @railwireorbit7401 2 years ago +5

    Just loved the way you teach all of us is very precious... love you john ....!! and thank you for keeping up the good work.

  • @legionary000 2 years ago +1

    19:31 "Umm, and actually I'm gonna do something stupid", with that voice crack xD I actually lol'd on that :D

  • @ITsikkerhet 2 years ago

    I started watching your videos the same way people watch sports, so entertaining and educational! keep it up :D

  • @mossdem 2 years ago

    Haven't been here a while but happy to be back! Great video John as per usual

  • @waqasalikhanrajput 2 years ago +2

    I just started learning with Hack the box and although I understood very little due to my technical knowledge. I enjoyed the video.
    I will come back to this video in 6 months time to see if my understanding has improved
    Great content!

  • @vincenzoprota984 2 years ago

    Very very good, John I have often followed your videos, and I must say that you explain all the steps really well. I really liked the Privesc with the service to restart, with the help of the command watch.
    Really good.

  • @abdirahmann 2 years ago

    This was a ton of fun. Thanks a lot john. am also waiting, idk what am waiting but am waiting! 🤣🤣

  • @ahtungdihtung 2 years ago +1

    How can you not subscribe to this? This is gold.

  • @Relmor 2 years ago

    Love watching your context bro👍🏼

  • @patik237 2 years ago

    Although I could follow till the end while getting also lost with the playing around python prog stuff it was amazing...great video as always...thanks John

  • @hrk4153 2 years ago +1

    Really loved it. Learned a lot. Thank you so much for making great content. Really appreciate it.
    Love from India

  • @kat90430 2 years ago +1

    Dude, this is amazing. I appreciate your content.

  • @Talyzeni 2 years ago

    Another awesome video John... Really enjoy the content :)

  • @mrnord1989 2 years ago +1

    Crazy never seen such a brilliant person ☺️

  • @HAGSLAB 2 years ago

    Nice video John. I've never seen .phps files in the wild before, but probably a good idea to include that extension when doing dirbuster etc. from now on. Privesc was pretty nice!

  • @michaelkasede1489 2 years ago

    That was a really fun challenge to watch and now I'm going to practically try it out.

  • @sam_sheridan 2 years ago

    Great video, thanks for the intro to feroxbuster, wasn't familiar with that one.

  • @zihasz5305 2 years ago

    Enjoyed the video as always!

  • @Alan-jv5fq 2 years ago

    That was awesome. Thanks john!

  • @BrknSoul 2 years ago +1

    I love how you pop the machine's IP into $IP and then never use $IP again. ;-)

  • @webtvhd3141 2 years ago

    Man loved the way you explain everything first ever video keep up the good work. :-)

  • @jorisschepers85 2 years ago

    Thanks again John for this video. Best regards from a 'Normie'!

  • @Carambolero 1 year ago

    Subscribed. Wow. Amazing content. Thx.

  • @cristianiordache6418 2 years ago

    I loved It a lot! Thank You!

  • @MaximumEffortInfoSec 2 years ago

    awesome video will definitely give that room a go looks fun

  • @LapisOnTheMoon 2 years ago +9

    i love this video mr ham hands ive missed the tryhackme content!! more pls

    • @trevorhaddox6884 2 years ago

      I miss crazy stuff like PWNY Island and other big hacking competitions. Do people still host those anymore?

    • @Californ1a 2 years ago +1

      I'd love to see more live competition stuff like the old king of the hill livestreams, especially the older streams when they didn't know the rooms yet. They don't make new rooms for those enough so it's just autopwn scripts for them all by now with the only competition being fighting for the king file and bricking the box which isn't really as interesting. HTB battlegrounds was interesting but felt too formal, I liked THM KotH streams since they were generally more laidback.

  • @tomasgorda 2 years ago

    Thanx, again great video. And i’m a subscriber 🤣🤣🤣

  • @bhagyalakshmi1053 1 year ago

    Your talent in following numbers are so more this one to you got talent .

  • @matwright110 2 years ago

    I hit the red button. keep up the good content :)

  • @flaviudsi 2 years ago

    Hey John.. Your video was great.. Had a lot of fun.. I've learned a lot.. Well, not sure how much I have assimilated it.. I still need to practice.. Chuck was right in his videos, you are great.

  • @greob 2 years ago

    Pretty cool! Nice demo. :)

  • @gamingwithcloud007 1 year ago

    loved it 🔥🔥

  • @xx-mb4gj 2 years ago

    Hey John! Also waiting! ;)

  • @gabrielfkeith 2 years ago

    This feels like old school Hammond. Love it.

  • @abiteofsomtam 2 years ago

    Awesome video!

  • @hekur1007 2 years ago +2

    Waiting dudeee

  • @TheCinefotografiando 2 years ago

    You are a wonderful professor

  • @Lodinn 2 years ago

    I'm watching it in part for all the cool github links and in part for console wizardry, don't want for it to be a full-time job for me but these things are just so cool to watch.

    • @yuanpeng2637 1 year ago

      oh you are great, I see these things, I feel it so complicated😹

  • @Frogstomp_actual 2 years ago

    For the algorithm, great video sir.

  • @ernestoo8313 2 years ago

    This was a lot of fun!

  • @881350122 2 years ago

    Loved it. Watched the whole thing and it is fascinating from start to end.

  • @y3wtub3 2 years ago +1

    Nice video. Do you do any live boxes like fresh so we can see you stumble around a bit? I like that raw style.

  • @ManiusPL 2 years ago +1

    You are Brilliant :)

  • @cameronribeiro9660 2 years ago

    John:
    Some ideas for you:
    I don't know every video you have on here but:
    "This is what an attack looks like on screen on Windows"
    "This is how the Colonial Pipeline happened and what I would have done to attempt avoiding it"
    "This is how pen testers and bug bounty did their job in the Mitnick days before Burp Suite existed"
    "This is how pen testers did their job before Metasploit existed"
    "This is probably why Russian and Chinese hackers are so good"
    I'm thinking videos like these would separate your account and put it at a new level if you have the time
    Nice to meet another hacker!!

  • @user-bs3ji8ex2s 1 year ago

    very good content bhaiya

  • @devang4842 2 years ago +1

    Legend!!

  • @TheSaGiV13 1 year ago

    Great vid

  • @sechvnnull1524 2 years ago

    Awesome!!

  • @Channel-he5fr 2 years ago +2

    😂 He said JSON instead of Jason 😂😂😂

  • @kolmt3645 10 months ago

    from @26:38 to @28:30 you could simply just send any 4 digit MFA code and then in dev console right-click The post request from the network tab and select copy -> Copy as cURL.

  • @janosmarton7895 2 years ago

    nice one buddy

  • @eduardprivat9821 1 year ago

    amazing!

  • @rrd_webmania 1 year ago

    Great video again. I would use ffuf instead of your bash command.

  • @terminatorfishstudios 1 year ago

    The goal I get it is take the shortest route but damn leaving all your requests commands and logins logged, gonna be hard to cover up.
    Best video I’ve ever watched btw, no video has stood out to me so much, your knowledge is amazing!

  • @NotTomWasHere 2 years ago

    Good stuff

  • @CleftMan 1 year ago +1

    I appreciate you.

  • @joaosidonio7562 3 months ago

    that was pretty cool

  • @siriuswinter1065 2 years ago

    i may be a few months late, but these videos always help me with my stuff, now i know what NOT to do when configuring.

  • @frametrails 2 years ago +2

    Another great video. Could you please make a video on Active Directory Resources that can help us to prepare for OSCP (new exam changes)? Thanks a lot 🙂

    • @ajualex3503 2 years ago +1

      please do check the cyber mentor's zero to hero playlist

  • @goodboy8833 2 years ago

    12:50 Very useful tip while hunting on php target.

  • @dipeshdev6942 2 years ago

    Waiting from Nepal

  • @Quafley 1 year ago

    That ending got me surprised

  • @FalcoGer 2 years ago

    I love wfuzz. It's so super versatile. Directory search, dns name search, fuzzing user agents, cookies, form posts. You can get stuff from files, encode on the fly, get your input from stdin and pipe hashcat or some python script into it

  • @0xg484 2 years ago

    Awesome

  • @_tun0 2 years ago

    Thanks for teaching me something new as always!

  • @DordiHOTS 2 years ago

    People like you are the reason my accounts keep getting hacked lol

  • @amodo80 2 years ago

    Thanks for another great video.
    One question though: Why do you call the python script by invoking `python` when you have a python shebang set? Or asked the other way around: Why do you set a shebang when you don't chmod +x the script and execute directly?

  • @FAITHOFTRUE 2 years ago

    chapeau :)

  • @thepuzzlemaker2159 2 years ago

    25:11 Ah, of course, my good friend -Jason- JSON

  • @Alex-sc2rc 2 years ago

    I love how the room has 67 upvotes and john says 75.

  • @brucecouch3156 2 years ago

    Amazingly Hackalisious!!!!!

  • @Cyber_AR15 2 years ago

    That was entertaining

  • @ajavezzano3553 2 years ago

    Ah yes,

  • @DamianRyse 2 years ago

    I'm one of the other 45% \o/

  • @hypedz1495 2 years ago

    Will you do a clickjacking video next?

  • @capability-snob 2 years ago

    {
    This video is Unmatched.

  • @truthabout2730 1 year ago

    Fail2ban enabled on the mfa would have been interesting

  • @ryanlea750 2 years ago

    🤩 wow

  • @zedex7426 2 years ago

    john why are you rounding up at closest multiple of 25 im curious 00:40

  • @XiSparks 2 years ago +3

    It is so ironic that fail2ban can be used for privesc. lol

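  • @yuanpeng2637 1 year ago

    I only recently started following you. I've just started learning cybersecurity, and this stuff is really complicated. I didn't know programming or operating systems before either; I only know Microsoft Office 😹 It's scary.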

  • @oliverk6711 2 years ago

    LastPass 👀

  • @Axodus 1 year ago

    Real life Uplink.

  • @somebodystealsmyname 2 years ago

    Hey John, in your loop, wouldn't it be better to use ... grep -v "Incorrect code" && echo $i; break ...?

  • @brandonlee2435 2 years ago

    Why does chmod +s /bin/bash allow for privesc on demand?

  • @ca7986 2 years ago

    ❤️

  • @maxxximussyntaxxx4252 2 years ago

    Anyone know what shell/interface he's using, been looking for it forever and can't find it. Really helps with the command and history prediction

  • @stfbrasil1989 2 years ago

    Windows 8
    You don't need any help at all
    You understand everything, right?
    Is it information security?

  • @an3ssh 2 years ago

    I am soo noob right now and learning. I wonder how long would it take to brute force a 6 digit and a 8 digit code.

  • @aikisustin3094 2 years ago

    i dont understand shit about what ur talking (i dont even know english) but ur voice is cool and i think if i watch this videos i will be a bit smarter

  • @devnullification 2 years ago

    xxd isn't a builtin, but a part of vim... ;-)

  • @georgehammond867 2 years ago

    What kind of system are you running? CPU /GPU etc..!

  • @chanakshabajaj2332 2 years ago

    sir can you make a csrf based video briefly explaining the topic

  • @ketominer1016 2 years ago

    on my computer the padding with {0000..9999} works in zsh but not in bash, am I the only one?

  • @DarkSide-ok4xn 6 months ago

    It is very easy when you do it, but the opposite is when we do it, it is difficult and it is not solved at all

  • @hypedz1495 2 years ago

    Ah yes.. john..john hammond 🙂