TryHackMe! Skynet - Wildcard Injection
Вставка
- Опубліковано 8 лют 2021
- Come play the GuidePoint Security CTF! go.guidepointsecurity.com/202...
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
That python bruteforcer is a lifesaver
True
Not Working For Me... Another Room By The Way...
Nice vid John :)
Btw : The "balls have zero to me" stuff was from an experiment, letting 2 AIs talk to each other with a set alphabet but no actual grammatical rules.
After a while, they just came up with their own way of communicating :D
love the content and the way you explain everything so thoroughly! id also much rather see you walk through a script like that than if you didnt
As a developer - very interesting to see your approach to finding weaknesses. I can sort of see the fun in this kind of activity, the lure of the dark side :)
john: makes a py script out of nothing in less than 2 minutes
me on google: "how to declare a variable"
True XD
Learn python. It'll be worth it and fun to play with
yeah its straight tho!
😂😂
True that AHAHHAHA
heretic, not confirming with ls after mkdir.
Lmfao
thats true lol
i have never had an original experience huh
Nope
RIP all terminator references.
Learnt a lot through this live walkthrough, well narrated and explained.
The best part is the way you put out your way of approaching the next possibility, that definitely helped me in knowing how to process my thoughts during a CTF
Love this approach John. Its raw, honest and not contrived (i.e. doesnt come over as you've already completed it and are now just going back through the motions!). Its far more enjoyable to listen to your thought process this way, and you still seem to manage to keep things easy to understand. Nice work :-) Subbed.
And thanks for introducing me to Terminator. Its my new favourite 'tmux' alternative :-) Now to work out what distro you are using...... ;)
John, I must say please do more of these vids are awesome and the talking through your process is exceptional
Hey John, been loving how much detail you go into when doing these videos. Keep up the great content!
That tar exploit is INSANE, how have I *never* heard of "the * exploit"??
wow... exploiting the tar wildcard to set the SUID bit on /bin/bash is so freaking smart and cool man, I was stunned by how amazing that was. I'm trying to better myself at pentesting and John, you are teaching me amazing things! Thank you so much!
this video was awesome! i learned Sooooo much! thank you so much john, your the man brother!
I wanted it for 1 time and will be watching it for a few more times to note all the things taught here. Thank you so much for your efforts. I do respect you and your talent. 😇
This is probably the most educational video on the topic I've ever seen, and I've seen a lot. Amazing.
This was incredible. Thanks for the content John!
Holyyyy that curl to python requests and the bruter you wrote just blew my mind. Good stuff John I really love your videos.
Amazing videos with great explanations to beginners instead of just cruising through all the answers without explaining the reasoning behind anything.
Been loathing reading all those articles about wildcard injection....
Thanks for the video man :)
Had a great time watch you work your magic. Im still learning and watching your videos really helps! Thanks john
Just found your channel and subscribed. Awesome videos and explanations
Thank you very much for each video you upload. I am a cybersecurity student and always I get upset, I put one of your video and get motivated to keep on.. thank you 🙏
Sir u really are a very humble person ❤️❤️
Great video like walk throughs to see your process.
This was one of your best vids so far
Thanks for this I was having trouble with the tar wildcard portion!
super creative privelage escalation john! amazing content please keep it coming!
CTFs are so fascinating ..enjoyable content! keep it coming!
You are amazing! Thanks for the walk through!
Ah Skynet. One of the best loved THM rooms, I believe. Out of curiosity, I just looked at the conclusion in my own notes and it says "probably my favorite ctf to date." :)
That was incredible thanks for your work
I liked how you used curl to trigger the call back. I will start bringing that into my process
you explain everything so simply ❤️ thanks bruhhh 😘😘
John please stop apologizing for doing exactly what we need (going into detail about how you as a pentester would approach this) Its exactly why I love this channel.. its not generic like the others. So please stop and carry on.
dude, you rock! This was awesome. when I saw the bash-4.3# i was like 😁😁😁
this video inspired me more...thanks John
Awesome! You are online person out there who cares to explain stuff! Love Your videos!
Thanks John, I always learn something new
I was as excited as you are when you privilege escalated. This is simply amazing.
curl to python... :O
how did i not know about this, where has this been my whole life!?
I was literally sitting here and saying "bro ... that would helped me so many times" xD
Good work. Well done. Learned a lot!
Omg. More content! My brain cant keep up. Its literally regurgitating info at this point but im plugged back in . Leggo peeps and thank you once again Mr John !
Please keep making contents like this, we really enjoy watching your vids ,thankss
i learned a lot from your videos thanks
i enjoyed every single moment of this
I don’t know what is going on but this seems interesting haha
You should learn python it’s fun
@@brian3947 I’ve learnt python but this is not just python haha. It’s also bout networking and managing file stuff
please always go off on tangents like the python one in this video, if anything..... go on to do a video about the tangent and go off into a tangent in that video and then do a video of that tangent and so on and so on, your videos quite literally pushed me in the direction of doing my (now a year in) degree in cybersecurity and the tryhack me rooms, you sir are a legend , thank you for your work
nothing better then this..john...explnation is wonderfull :)
that wildcard priv-esc is just super nice
Thank you for an amazing informative educational video ❤️
Thanks for another fun and educational video boss!
so happy that ur channel exists
Buddy you are the best I ever seen so far 😍😍😍
Great content John, could tell you hadn’t watched the terminator movies once you seem to overlook the miles dyson reference. :-)
What sort of hardware and software setup would you recommend for a beginner?
This video is my favorite so far
It seems like I've found my new favourite channel
*John:* "Oh, we have a personal SMB share named milesdyson, that seems random."
*Me:* Wait... does John not realize who Miles Dyson was in the Terminator universe?
*John (5 mins later):* "I actually haven't seen the Terminator movies."
*Me:* ...aha, well that explains that.
I can’t believe that I have seen a 1 hour video on UA-cam and want more
really great live premiere and overall video!
Nice video. Learned a lot from that.
Can't tell how much I appreciate this was so confused at root privilege escalation lol
Thank you!
yo awesome vid, crystal clear thanks
Thank you very much.
Simply a huge thanks ✊
I love it! thank you.
This was so much fun!
So clear, so good!
That was a very Interesting video, thank you for this amazing content ! 😁👍
Awesome video!
Excellent
Extremly funny, thank you.
loved your bin bash suid. My lazy version is simply doing that to the /etc/passwd and login as root. Have all the info I need in a file that I just copy paste everytime! Nice and quick
So awesome!
Awesome video
dude this is awesome!
Great content
Awesome as always
Sweet Video! Didn't understand 95%, but it looked cool :)
Very nice, thanks for showcasing your way of solving this room. I tried it this morning before I looked at your video. Since I cannot code in python I had a similar script as bash script, but never made it working because I forgot sending the hidden fields ..
I don't know if the room is an easy one, I was lost after finding the user.txt
Still a lot to learn I guess :)
When you got to that Miles Dyson Personal Page i was sure that the picture had steganography in it.. :D But where it continued were so much better
thank you very mush. this was helpfull
thanks man!
@John, thanks
Nice execution.
LastPass better sponsor you now. Nice placement right there.
that SUID trick was cool
Love the video!
awsome work i love u so much
The gibberish email was a reference to a Facebook research project where two AI supposed to talk to each other essentially descended into madness.
Creepy shit, did recognize it instantly :)
Hello John, could you do the Daily Bugle room on T.H.M.? I love the way you approach things and explain them.
Big ups! Great content 👍👍
that "what" at 18.30 has a separate fan base
I'm not gonna lie, I was super annoyed once I realized how much work had to be put in at the end lol. I thought I was a rockstar until it got to the cuppa part. Then getting that stable shell and actually figuring out what to do? Infuriating. Thank you for your time an mentorship doing rooms like this for us. I wish this was something I could do on my own, but maybe THM is designed just for walkthroughs just like this so we can learn.
Awesome vid! 👌
John Hammond for president everyone!
12:50 Very cool !
Miles Dyson is the father of Skynet
Awesome John Hammond but you let me down by not watching the terminator movie just kidding, if you do get the chance only watch 1 & 2 don't bother with the rest. lol