To clarify for those that might be confused, this giveaway is going on BEFORE this video premieres. Fawaz is the individual offering this giveaway, not me -- and you can enter by playing and solving "The Great Escape" room on TryHackMe before this video premieres. This video will showcase me going through the room "cold" without having ever seen it before (so there are a lot of fails). So if you'd like to enter the giveaway, go play! tryhackme.com/jr/thegreatescape
Oh, I had no idea about that and only set the reminder on the video 2 days ago (considering the thumbnail). RIP for not actually opening the video and going through the comments yesterday.
Your video will premiere at 00:30 am 18 Feb in India 🇮🇳 so bad !
How do we find out about giveaways ahead of time? Is there a specific link on TryHackMe ?
@@Kargha im in the same boat haha
Hey Hydra here,
I'm not sorry :)
Glad you all enjoyed my room.
I personally like this format a lot better than a condensed version where you already know all the answers.
same me too
I was thinking the same thing. I can understand if not every video is the full version but I'd love to see these more often.
maybe upload the full versions as hidden on youtube and link them in the description of the edited down version? i love these full on struggle mode videos, way easier for my brain to follow the train of thought and actually think for solutions / options while watching it.
Absolutely. I like to see the pain and adulation in all its glory. Makes me realise its not just me sitting here tearing my hair out trying to get inside of these peoples heads :-)
Had to agree. It's nice to know how it's done before it's edited for youtube. Kinda gives real-time perspective.
This is soooo much better and more educational than you doing a 20 min video on it doing everything right. The more you get wrong, the more I learn from you! Awesome video, more like this please!
agreed
Indeed, I also love how this gives us a good viewport on your train of thought, and how to go about it in general, something I've personally been struggling with somewhat trying to learn cybersecurity.
i very like the struggle, it shows how really hacking is.
Tip: If you forgot to run nmap with `-v`, just press `v` while it's running to increase verbosity.
WHAT?!
this might be one of the best tips I've gotten lmao
you can also to s for status
Nice. Thanks.
Came to say this, was beaten to it.
thankyou
This is by far my favorite video of yours. I love to see the step-to-step thing more than reading a write-up or see a "I know it all" kinda video. I would love to see more of these. Cheers mate!
Awesome video, keep doing them like this. The condensed version makes us new guys (me at least) feel like straight failures. Plus seeing how you react, your research and logic definitely models what progress should look like. And the struggle is still real.
I have to say, these "real" engagements are great to see! Keep it up please! One of these 1+ hr vids every so often (monthly?) WILL bolster your numbers (side bet?). Thanks for all your hard work John.
@john hammond you can increase verbosity by hitting the 'v' key while nmap is running even if you never initially flag it.
Something new I learned, thanks
@@praisong7475 I saw it in a video I watched a day before I watched this one, so I had to share. :)
@@Saylem1000 Yeah that's cool. I'm taking the oscp PWK and didn't know that till today years old.
i like these uncut videos because I tend to get discouraged when I stumble so seeing someone who is infinitely better than me do the same is a good confidence boost
I prefer videos like these, because it gives me time to shine if I have another idea while you are brute forcing your ideas. Also, it shows me your thought process, which is an important skill that I haven't developed anywhere near your level. Thanks!
Now this, I like. The real struggles of an ethical hacker.
This is the best CTF video I've seen yet. This earns my subscribe button push. Thanks for taking us through that whole process. I'm just starting out trying things on THM and CTF Time and this was fascinating to watch even if I didn't know what you were doing or why. Thanks again!
John you rock. You got frustrated in a few points, but you kept trying different tactics to escape. Well done and I like learning how you did it here. Thanks.
Came here for the free stuff. Stayed for the awesome content. It's really nice to see you go through these challenges without prior knowledge about the box because it shows us how you go through the process of enumerating and what not. It reminds us that none of us use magic and doing these boxes can always be a struggle for anyone. Thank you John! I learn new things from you every video!
Oh yeah, and I'd love to see more like this!
The art of not giving up!
You're a rockstar John, I love this format also. It really does show the thought process in depth and that's a skill that isn't easily learned. Thanks again for your teaching!!! Great channel and a benefit to the community as a whole!
I've just sat through the whole video,
and for some reason, I liked seeing you struggle as I do sometimes.
Because usually in the regular procedural videos it appears you never struggle as I do :)
Either way, I like watching you so keep up the great work!
This format was phenomenal and I'm ecstatic to have found your channel.
Not gonna lie, I much prefer this style of video. It's nice to see we're not the only one stumbling along!
I know everyone has said this, but this is such an amazing style of video! I thought it represented what real hacking is like more than a scripted approach. Keep it up!
Not only did you complete the CTF, YOU DID IT IN REVERSE. Now that's impressive lol
This was great! I am just starting out but, honestly, I really found this helpful. It took me over three hours to get through the video because I kept pausing to try my own things before giving up and praying you knew what you were doing. And big surprise, .... you did! I thought for sure I had beaten you to the punch once or twice but I was wrong. This is still a little over my head, but in the end it was great fun and I think I learned more this way. I am more motivated to give things a shot when I know you will be grinding it out in the background as well (at least as long as I have three hours to burn, haha).
I watched the whole clip without getting bored and very excited about the way of thinking and research.. I prefer this type of video
keep going
I like this off the cuff style of video. it gives a better perspective of just how much time this can take in real time. I can totally see some speed run type of bets coming from these. like maybe the room has a time limit or maybe there are prizes for the shortest time to find these flags.
Thanks John, I love the real life hacking aspect of this, we get to see your thinking process as you go. this is great.
Enjoyed the video very much. It is good to see the all process, fails and successes. I feel that I always learn something. Great work John!
Now, that's insightful! It actually showcases "we're here to learn" with failing is learning and *that's all right*.
I like the short videos that I can watch on small bursts but I'd definitely like to see more struggling ones once in a while.
As usual, great content 👏👍
Please do more like this!!! Great to see you struggle like I do all the time
Very interesting video! Sometimes I was banging my head against the wall waiting for you to realize a few things that I thought of myself, but then other times you did stuff that I never would have thought of and I learned new stuff! So I think that shows that this is a great way to learn. Well done! 👏🏻
Sir You Are Awesome! This Is The First >1 Hour Video That I Watched Completely.
Please John continue with this format !
"I have no idea if that will literally return anything... BUT LETS DO IT!" - John Hammond
just a little nmap trick: if you forget to -v (put the scan in verbose mode) you can activate verbose while scanning by pressing the letter v. You can press it as many times as you wish to get more verbose. If you want to make the scan less verbose or not verbose at all you can press V (capital v there) and it will decrease the verbosity level, more presses will decrease it more and more.
This is a great demo of all the specific skillsets that make hacking so much easier. Once he read the hint that said "somewhere well known" my web-dev brain INSTANTLY went to the .well-known directory. To be a great hacker, you need to know A LOT about a lot of topics.
RIP, the time is midnight here XD
haha mee too 02:00 PM
lmao same
1:32😁
@ProExodus01 yep
I can't tell if your webcam occasionally freezes or if you're actually sitting that still
You must have a photographic memory. Your recall is phenomenal
"probably going to get my stuff pushed in.." lmfaoo so good.. don't run into enough ppl who use that phrase.
"this was a horrendous video for you to sit through"... NOOOO.. no it wasn't.. i had a lot of fun watching you work.. and i also learn stuff while watching.. i usually don't learn shit while watching others do stuff, this is the first time i learned something without me having to do the work myself.. ty!
Honestly, i would love to see a more .. explained video.. and as to the security flaws exploited to get there.
Loved it. Please do more!
"A Horrendous Video for you to watch" ??? DUDE, this made me stay awake until 2am. I. Regret. Nothing.
It was nice to watch and see the mental process.
This is really interesting stuff ngl. I've always been into programming and I've tried a bit of ethical hacking before but just found it too complex. I'll have to give it another shot some time.
Love the content, keep it up man :)
Man lately the videos have been too much on the simple side for me but this feels on point and I'm loving the energy :D
The exact second you said "My terminal might have crashed", my terminal crashed..
hey john if you did not know this, both firefox and chrome allow debugging for large js files in one big line. idk about chrome but i saw someone do it in a video, but for firefox open inspect element, go to debugging and select the file you want to debug, at the bottom left corner of the debugging square you will see a symbol that looks like "{ }" next to an eye symbol, simply click it and it will revert the file in a format that you can debug and read easier!!
died laughing a couple times, amazing
excellent video ! I feel less alone when I'm stuck for hours finding out why my reverse shell isn't working! That's real life. you should make more videos like this one ;-)
I really thought for a while that you had to exif the png Photo on the main page via the request url api to get some hint ...
It's nice to see you struggle, like we know and you always tell that you already did things, but seeing it live allow to understand a bit more how easy it can be to go to the wrong direction and stay in there for too long ^^
Thank you :)
the struggle is real, i relate to this
This is pure fun to watch! You are the best!!! I hope you make a video about ASLR bypassing on modern 64bit machines.
This kind of video would be so great as a live stream
i watched the whole video and it was fully worth it !! it was fun !!
I love to see you guys struggle, It gives me moral boost XD
ahhh... exhausting :) But I got it too, ~5h, I was pausing and trying on my own, 2/3 by myself, still, you're amazing!!! :)
58:6 "lol" that was funny !
To be honest i didn't forward anywhere... I like these videos more than preplanned ones :-)... Maybe noobs will be able to figure out how you tackle everything when you are stuck, i mean how to break the hurdles... Amazing video....
Great vid, you had me laughing more than once on that well-known solution 😂
I have seen hollywood movies less exciting than this! - very nice video :) Thanks for sharing
Next time you're working with docker, you should checkout the 'docker cp' command, and the '--user' flag to docker exec. Great video though. really enjoyed it
Thanks, very interesting to watch you going through the challenge. I only did it once in my life. We had to hack a cisco router or something. Worked with four men together. I came across a password hint somewhere. It said something like the password is a commonly known word in IT books. I typed in "foobar" and yes i gained user access or something but no root access yet but i was in. That was fun. We all did not know much about routers so we poked around for another hour, looked into some documentation and then called it the day :p Again thanks for the video.
At 1:30:37 there's a file *exif-util.back.txt* ; I thought there was a hint related to backup files hanging around?
Really Awesome video, hatsoff . This video was educational and motivational as well
Thx John, please do that again.
Hey John! I'm not sure how often you check your comments, but I just wanted to thank you. I have always been on the fence of if I want to download kali linux and start looking into ethical hacking and after watching your TryHackMe! Basic Penetration Testing and was really intrigued. Now I attend San Diego State University in the field of Computer Science. Hoping to go into ethical hacking.
Hey josh I’m John Hammond and I just wanna say awesome I am so happy for you
❤️ Love these style videos as well!
Just wondering if anyone has come across a intentionally frustrating challenge where it has tons of juicy looking low hanging fruit, that all turn out to be dead ends (but forces the attacker to keep looking, in case they missed something). And then the real answer is like a broken inline image that really contains the flag in text format, despite the file extension (hence the broken image)? So in the end, it could take 2 minutes to get the answer with novice skills, but many would spend hours of applying advanced techniques.
Very cool! Keep going!
I personally really like this man keep going ...
thanks sir, great job
Hi John, can I ask, will ever do or ever have done, a video talking about your learning journey? Where you started, how you became interested in hacking and how you learned your skills?
I was also stuck here for long long time ... and then i gave up day later
BTW it was great video
I really love your content man ! however i need to ask a simple question : what should i learn to have your knowledge bro .. and thanks 🙏
I like how you turn the cam space into a circle because the square takes up a lot of space
But the circle is still too damn big, IMO. I'd be good with something about a quarter of the size. If he were a cute girl maybe half the size. Bunch of guys don't need to see another guy that up close and personal. Seems awfully narcissistic to me...but maybe there's a valid reason for it that I'm not aware of. ¯\_(ツ)_/¯
@@bmbiz people on mobile.
@@heddospacenegroe1923 If I were watching on mobile I'd be even more annoyed...i.e. why is this big circle taking up precious screen real estate and obscuring the _content_ ?
@@bmbiz good point.
@@heddospacenegroe1923 Thanks. :)
Great vid. Thanks! :D
Amazing!!!! Great video.
Amazing video😂🔥 Hard box look like fun🎊
I was stuck from beginning to end, very fun, awesome
man I loved this Thanks a lot
Big ups on the struggle, I feel ya!
That ending tho
This is amazing!
Amazing video as always John ❤️ sorry couldn't join the live stream had an exam today !
Yeah do magician next lord i know the intended path but its driving me nuts. Once again great video my man.
Thank you John 🙏❤️ awesome video 👍 😎
Watching Seth Rogen attempt hacking
Subbed!
I'm late, but was bin blocked? Could you have executed /bin/bas? (where ? is a wildcard)
Ohh shit you got the 503s during regular use of the service :D
john hammond poggers
I would recommend use vuejs tool extension and react tool extension :)
Nice video
1:20:00 - dude, you can just cp stuff in and out of docker instances x)
also you can select a UID/GID when using exec ;)
If I ever design a hack room and you try to login with admin/admin the error message is definitely going to be "You didn't think that would work did you?"
Oh God, turn out always having some enumeration running on the background for ctf does not always help
heck man, this was fun
Typing not looking at the key board was taught in middle school. Not hating, just saying. Love your videos and I am not in IT so I live vicariously through you for that lol.
School? What's that?
@@_JohnHammond a place where you make friends and enemies. Lawless and desolate. At least that's how I remember it.
@@_JohnHammond but seriously, from my younger days could you have used something like... Payload : exiftool -Comment=’’ filename.png. And making the filename.png to .php.png. I’m currently watching so I’m not sure if you have actually done that or not.
a great video to start my day 😁
Whatever you want.