TryHackMe! Overpass - Authentication Bypass
Вставка
- Опубліковано 13 жов 2024
- Hang with our community on Discord! johnhammond.or...
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnh...
GitHub: github.com/Joh...
Site: www.johnhammond...
Twitter: / _johnhammond
It would be interesting to see your TryHackMe streams without preparations, just cracking tasks in real time with chat. BTW, I like your CTF streams.
I watched so much John Hammond that my son was born a ginger, true story.
damn😂
STOP LYING IK U R
Whether or not that's true, that's funny.
Umm who’s gonna tell him
maaan! dont make me sick😂
For Cookies:
You can press F12 and then go to the "Application" tab and then in the left is another menu where you can access the Cookies and add / edit / delete them, no need for a chrome plugin :)
John hammond is that guy with whom you can hangout and discuss all the geeky stuffs and still look damn cool. Awesome John
I just finished that room, I can’t wait to see how you approched this one !
He's such a kind respectful man, thank you very much for the walkthrough,Cheers
I have been studying for the linux and it's tool since a month or over and ur video was the first video of a practical hand season for me.
Thanks Man!
Looking forward to more of ur such videos so that I can keep learning.
I wonder if I'm the only one watching who doesn't have a clue what you're doing, I mean outside of the fairly obvious conceptual aspect of it. Still fun and interesting to watch despite the fact that I lack the technical knowledge that goes behind it.
If u start to learn hacking on tryhackme you will understand very fast
You're a spy of mordor.
For anyone else having problems (or simply having no clue what to do) with setting up the http.server with python. It is possible you got several different python versions installed and the standard "python" command uses a version before the (i think python3...) module was implemented.
Just check which versions you got installed with: ls -ls /usr/bin/python*
If you got python 3.8 or 3.9 installed just use John's command including the python version: sudo python3.9 -m http.server 80
That worked for me :)
That privesc segment was absolutely splendid and educational, thank you so much John
Great video John!!! It's always a class watching your approach, thanks for spreading knowledge.
Great work, love how you walk us through it
I didn't know about TryHackMe until UA-cam sends me a notification of this video which belongs to a channel I didn't subscribed to. The website immediately catches my attention. Fascinating how youtube recommendation system works. Thanks for making this video.
100% same happened to me
@John Hammond do you have a video where you discuss how you get set up to tackle these boxes? i.e. connecting to a VPN, setting up any proxies, spinning up a VM, etc? If not would you be able to give a brief overview here or create a video for that? Would love to see your process for getting setup
(20:41) - Using John to crack ssh key passhrase, NICE!
I am currently studying json exam quite in depth
Damn, that's a cool box. I've got to try this and Overpass2 now. Thanks for your great video John!
Hello John. A hug from Brazil. Your CTF videos are sensational. Explore more content in this theme. See you later!
*almost types "/home/tryjackme"
John: Woah! Careful there John
I died!!!!!!
Haha same here!
Hello John is there any reason you use chrome and not Firefox, or it's just personal preference?? Love your videos!!!
Hey John, I started watching your videos yesterday and am really enjoying them. Just wanted to let you know that this video is not in your TryHackMe! playlist.
Thanks for the heads up! Just added it in. :) Thanks again!
Hacking aside, John also makes a good suspense actor
it was crazy how did you found flaw in log.js , i had no idea about it,, amazing
i decided that instead of plowing through the beginner materials in tryhack me and joining rooms that i can mostly not ssh into and getting frustrated over, i went straight into practice section and i'm so glad i did. i found this guide and i learned infinite and your passion and enjoyment really showed through this vid. i had a few laughs here and there, thank you!!!
Great video! Thanks for doing this!
Do you have a link for the documentation of what the -p flag does with /bin/bash? I'm having trouble finding it on the man page.
tl;dr: -p will tell bash not to drop privileges.
---
Invocation
[...]
The following paragraphs describe how bash executes its startup files. If any of the files exist but cannot be read, bash reports an error. Tildes are expanded in file names as described below under Tilde Expansion in the EXPANSION section.
[...]
If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.
---
linux.die.net/man/1/bash
Hey just a question ! ,
how did you know that the output of cat .overpass is a rot47 algorithm (at 22:37).
Love your videos btw
You find it out through by looking through the source code of overpass itself.
Love from india @John Hammond
We love your thm content..and also do more on hackthebox...
Yo John! Sorry if you’ve answered this before. Are you running Ubuntu on a VM, or bare metal?
thank you, John, I have always enjoyed watching your videos please make more.
Glad yr back again in it keep it up
Great Job! Greets from Germany
All the stars aligned, root cron that executes a shell script from an external source and a writeable /etc/hosts... Damn...
Well done !
I eagerly wait for your TryHackMe ctf videos. Please upload more. ❤️ Love to watch your videos and learn from you. Thank you 🙏
Awesome video John!! Thanks for sharing! Quick question, why do you run tee with nikto scan and not gobuster?
As a newbie, it's tough to understand for me, looks interesting
Ever considered ffuf? or is Gobuster just your go to preference?
Love me some John "2 videos in 2 days" Hammond. Great Content!
yeah yeah, keep making video, i just have completed the introduction room after watch your video.
when you VPN into the challenge box does that not mean all your network traffic from your local computer is going through that box?
why do most of the "hackers on youtube" waste so much time trying to appear spontaneous when we all know that you prepare a lot in advance and besides that you also edit the material?
Instead of wasting your neurons trying to appear smarter than you are, you'd better concentrate on transmitting as well as possible.
The fact that you press Alt+f4 many times does not make you smarter.
waiting for john to write something in the readme file👀
Good job
Great video but HOW do I get linpeas onto the victim side WITHOUT your automated script/tool?
obviously man ..this vid deserves a like :3
What are the pre-requisites to have known before solving this room?
Very interesting video, I learned a lot, cool way to get root privileges at the end, thanks for sharing!
I like your singing.
Just out of curiosity, how long does it take to actually solve these boxes?
Very enjoyable to watch :)
Hi John, Great Videos Any chance you could walk us through setting up Cloudflare's Flan Scan?
Admittedly it is a CTF, but I do find the cascading failures a bit weird - I mean, I wonder if it would be possible to make a slightly more "realistic" example that doesn't rely on /etc/hosts being modifiable? the fact the .thm site was original hosted on localhost suggests there might be something else ...
This is definatly not a easy box catogory
Grande
Thanks!
Could you share your "upload_files_nc.sh" and "upload_files_wget.sh" on your github? thanks!
this box was awesome..
This excites me
pfff im just starting but if this is easy than it will be a steep, very steep learning curve ... maybe this is easy for an expert, but I doubt if this is easy for a beginner..... but thanx for the vid, this will help a lot!
Great
That's brilliant, but I like this
can anyone help me , what the tag -p of /bin/bash means ?
Güzel içerik
Ty
Nice!
i get lost when you say convert the format to something that john can read.. so are you just changing it to a txt format?? are you copying the info then putting it into txt?
Love from your discord server @John Hammond
❤️
So cool
Just a Question. What does "-p" in /bin/bash -p
Doing the yt algorithm thing
Great video again. But could you use pwncat next time?
NICE ED SHEERAN
Nice
Whats the use of /bin/bash -p ??
The -p option ensures that the effective user id is not reset.
it was medium room
Wow! That was cool😎!!
which terminal is that?
Terminator
Nice. Ohhh💗
tryjackme lol.
careful john
When did ed sheeran starts writing codes
That -p would have helped me if i saw it yestersay for overpass 2...anyways alrdy done😅
Thast awesome brother ^^
what was that system password for? Found any use for it?
Hi John I really do like your vids . Could you pls slow down a bit...You do things too quick for us the newbies... :)
please tell me what terminal multiplexer you use
I am using Terminator. I love it!
@@_JohnHammond thank you very much ... You've been my inspiration and effective immediately i will start using terminator
This would be better if you didn't practice this before you did it
33:45 tryhackme on the way to sue you for defamation
8:00 is it python or js ?
I would say it’s js.
TRY JACKME LMFAO
when i'm running python -m http.server command why it is coming command not found
sudo pyhton3 -m http.server 80
sudo: pyhton3: command not found
K
This looks like a clone of hackthebox.eu
John Hammond sar windows 10 OS use ethical hac**king course. Please🌹🌹🌹🌹🌹🌹🌹🌹🌹🌹
I keep trying to subscribe but the only option I get is unsubscribe I can't figure it out... maybe next time. =)
#sudo apt hack 'John Hammond'
#password:
#access denied
I like to do the follow along but when I enter the command " subl " on tryhackme it says command not found.
nice