TryHackMe! Overpass - Authentication Bypass

It would be interesting to see your TryHackMe streams without preparations, just cracking tasks in real time with chat. BTW, I like your CTF streams.

I watched so much John Hammond that my son was born a ginger, true story.

For Cookies:
You can press F12 and then go to the "Application" tab and then in the left is another menu where you can access the Cookies and add / edit / delete them, no need for a chrome plugin :)

John hammond is that guy with whom you can hangout and discuss all the geeky stuffs and still look damn cool. Awesome John

I just finished that room, I can’t wait to see how you approched this one !

He's such a kind respectful man, thank you very much for the walkthrough,Cheers

I have been studying for the linux and it's tool since a month or over and ur video was the first video of a practical hand season for me.
Thanks Man!
Looking forward to more of ur such videos so that I can keep learning.

I wonder if I'm the only one watching who doesn't have a clue what you're doing, I mean outside of the fairly obvious conceptual aspect of it. Still fun and interesting to watch despite the fact that I lack the technical knowledge that goes behind it.

For anyone else having problems (or simply having no clue what to do) with setting up the http.server with python. It is possible you got several different python versions installed and the standard "python" command uses a version before the (i think python3...) module was implemented.
Just check which versions you got installed with: ls -ls /usr/bin/python*
If you got python 3.8 or 3.9 installed just use John's command including the python version: sudo python3.9 -m http.server 80
That worked for me :)

That privesc segment was absolutely splendid and educational, thank you so much John

Great video John!!! It's always a class watching your approach, thanks for spreading knowledge.

Great work, love how you walk us through it

I didn't know about TryHackMe until UA-cam sends me a notification of this video which belongs to a channel I didn't subscribed to. The website immediately catches my attention. Fascinating how youtube recommendation system works. Thanks for making this video.

@John Hammond do you have a video where you discuss how you get set up to tackle these boxes? i.e. connecting to a VPN, setting up any proxies, spinning up a VM, etc? If not would you be able to give a brief overview here or create a video for that? Would love to see your process for getting setup

(20:41) - Using John to crack ssh key passhrase, NICE!

I am currently studying json exam quite in depth

Damn, that's a cool box. I've got to try this and Overpass2 now. Thanks for your great video John!

Hello John. A hug from Brazil. Your CTF videos are sensational. Explore more content in this theme. See you later!

*almost types "/home/tryjackme"
John: Woah! Careful there John
I died!!!!!!

Hello John is there any reason you use chrome and not Firefox, or it's just personal preference?? Love your videos!!!

Hey John, I started watching your videos yesterday and am really enjoying them. Just wanted to let you know that this video is not in your TryHackMe! playlist.

Hacking aside, John also makes a good suspense actor

it was crazy how did you found flaw in log.js , i had no idea about it,, amazing

i decided that instead of plowing through the beginner materials in tryhack me and joining rooms that i can mostly not ssh into and getting frustrated over, i went straight into practice section and i'm so glad i did. i found this guide and i learned infinite and your passion and enjoyment really showed through this vid. i had a few laughs here and there, thank you!!!

Great video! Thanks for doing this!
Do you have a link for the documentation of what the -p flag does with /bin/bash? I'm having trouble finding it on the man page.

Hey just a question ! ,
how did you know that the output of cat .overpass is a rot47 algorithm (at 22:37).
Love your videos btw

Love from india @John Hammond
We love your thm content..and also do more on hackthebox...

Yo John! Sorry if you’ve answered this before. Are you running Ubuntu on a VM, or bare metal?

thank you, John, I have always enjoyed watching your videos please make more.

Glad yr back again in it keep it up

Great Job! Greets from Germany

All the stars aligned, root cron that executes a shell script from an external source and a writeable /etc/hosts... Damn...

Well done !

I eagerly wait for your TryHackMe ctf videos. Please upload more. ❤️ Love to watch your videos and learn from you. Thank you 🙏

Awesome video John!! Thanks for sharing! Quick question, why do you run tee with nikto scan and not gobuster?

As a newbie, it's tough to understand for me, looks interesting

Ever considered ffuf? or is Gobuster just your go to preference?

Love me some John "2 videos in 2 days" Hammond. Great Content!

yeah yeah, keep making video, i just have completed the introduction room after watch your video.

when you VPN into the challenge box does that not mean all your network traffic from your local computer is going through that box?

why do most of the "hackers on youtube" waste so much time trying to appear spontaneous when we all know that you prepare a lot in advance and besides that you also edit the material?
Instead of wasting your neurons trying to appear smarter than you are, you'd better concentrate on transmitting as well as possible.
The fact that you press Alt+f4 many times does not make you smarter.

waiting for john to write something in the readme file👀

Good job

Great video but HOW do I get linpeas onto the victim side WITHOUT your automated script/tool?

obviously man ..this vid deserves a like :3

What are the pre-requisites to have known before solving this room?

Very interesting video, I learned a lot, cool way to get root privileges at the end, thanks for sharing!

I like your singing.

Just out of curiosity, how long does it take to actually solve these boxes?

Very enjoyable to watch :)

Hi John, Great Videos Any chance you could walk us through setting up Cloudflare's Flan Scan?

Admittedly it is a CTF, but I do find the cascading failures a bit weird - I mean, I wonder if it would be possible to make a slightly more "realistic" example that doesn't rely on /etc/hosts being modifiable? the fact the .thm site was original hosted on localhost suggests there might be something else ...

This is definatly not a easy box catogory

Grande

Thanks!

Could you share your "upload_files_nc.sh" and "upload_files_wget.sh" on your github? thanks!

this box was awesome..

This excites me

pfff im just starting but if this is easy than it will be a steep, very steep learning curve ... maybe this is easy for an expert, but I doubt if this is easy for a beginner..... but thanx for the vid, this will help a lot!

Great

That's brilliant, but I like this

can anyone help me , what the tag -p of /bin/bash means ?

Güzel içerik

Ty

Nice!

i get lost when you say convert the format to something that john can read.. so are you just changing it to a txt format?? are you copying the info then putting it into txt?

Love from your discord server @John Hammond

❤️

So cool

Just a Question. What does "-p" in /bin/bash -p

Doing the yt algorithm thing

Great video again. But could you use pwncat next time?

NICE ED SHEERAN

Nice

Whats the use of /bin/bash -p ??

it was medium room

Wow! That was cool😎!!

which terminal is that?

Nice. Ohhh💗

tryjackme lol.
careful john

When did ed sheeran starts writing codes

That -p would have helped me if i saw it yestersay for overpass 2...anyways alrdy done😅

Thast awesome brother ^^

what was that system password for? Found any use for it?

Hi John I really do like your vids . Could you pls slow down a bit...You do things too quick for us the newbies... :)

please tell me what terminal multiplexer you use

This would be better if you didn't practice this before you did it

33:45 tryhackme on the way to sue you for defamation

8:00 is it python or js ?

TRY JACKME LMFAO

when i'm running python -m http.server command why it is coming command not found
sudo pyhton3 -m http.server 80
sudo: pyhton3: command not found

K

This looks like a clone of hackthebox.eu

John Hammond sar windows 10 OS use ethical hac**king course. Please🌹🌹🌹🌹🌹🌹🌹🌹🌹🌹

I keep trying to subscribe but the only option I get is unsubscribe I can't figure it out... maybe next time. =)

#sudo apt hack 'John Hammond'
#password:
#access denied

I like to do the follow along but when I enter the command " subl " on tryhackme it says command not found.

nice