yourt terminsl is a mess.
yourts speling is a messer.
@@_JohnHammond do you know any good learning material on defensive security?
all we have here is offensive security, not a lot on Blue Team, how to get hacker out of your pc and lock them next time?
@@georgehammond867 as a start I definitely recommend checking out liveoverflow’s channel, mostly the protect Linux server from hackers, also off and defensive security are closely related, if you know what is needed to exploit something you can lock that down
Shower love, much appreciated, John! 💚
P.S. Thanks for spreading the word about #CyberApocalypseCTF21! Epicness loading 👽
NO. OF PLAYERS: 5,386
NO. OF TEAMS: 2,561
Will you ever introduce a partnership with GitHub? That would be so awesome!!!
The video hasn't even started, but there's already 11 likes!
This just shows how much the community appreciates your effort to put out amazing content John! ❤️
Thank you so much for the inspiration 🏆😊
every YouTuber has at least 1 dislike this guy is a god he has none
@@MaxDev that’s so true!
But is he singing?
54:45 Nice of you to complete the incantation with the words "We're in!" as is tradition.
Aggressively typing in the terminal: "We're in😎"
Love your content btw❤️
I always learn the things that I don't understand from HTB walkthrough pdfs in your videos. It's always an awesome experience to watch your videos.
as a beginner and i lack skills and researching skills, i really enjoy your videos, because it shows how you find clues, do your research, follow the breadcrumbs and find an exploit path and trying various things until you understand the target and what will work.
The amount of stuff I learned from one just one video is.. amazing. Thanks John ✌️
Hey man I've recently discovered your channel i really wanted to learn stuff like this but i didn't know you could learn this outside of college or knowing russian currently binge watching all your videos keep it up
Hey man what courses are in russian i know russian but i have never seen anything before
@@aloshkartosh840 well considering Russia has one of the biggest hacking communities, I'm sure you just have to find the right people
That's What We Wanted🔥
Yeah!!!😊
No it’s what we needed
@@grandmakisses9973 💯
having to watch this in slowmo to keep up, it's giving me some awesome ideas on areas i need to learn
I just saw ippsecs vid right before this. really helpful 2c different approaches/ways. thanks john.
love these walkthroughs
I feel the energy when you got Dexter's id_rsa keys😂
We're in baby
Yo bro I love how you talk yourself through this entire process without anyone beside you. Although some may think this type of illustration from a person always asking themselves questions and answering themselves in the same instance. is crazy. Lmaooo. Just saying bro Love the vids., Lmaoooo
Fun fact: 29:52 the logo is from xakep.ru a Russian Hacker magazine, didn't know they made videos as well
A day before i was searching for this🥴 I'm grateful for this♥️😊
I'm amazed by your skills! Good Job, keep up the good work!
I completed this box a while ago, but it's good to see you're looking at HTB now!
Great content 😄 I imagine how much time you've spent on actually cracking it
I loved this box 📦. Tore right through it.duper fun, especially the part where, wh!aaaaaaaaaat you hitting me for, oh sorry. I almost spoiled it. Lol
Interesting approach to trigger the password reset and get the token using LFI to read the production logs. Since you have shell access you also have access to gitlab-rails, so I've just changed the password directly in DB.
I feel your pain. I mistype stuff that causes headaches all the time.
Love HTB! Would love to see more of these!
thanks john for ur videos wish u the best buddy
Thank you very much John for the incredible work. Keep it up. Hope to see you again ASAP!
John john john! Awesome video as always. Keep it rocks bro!
Heya John 👋. Much love for the awesome video! Keep it up and maybe we can get some more retired boxes down the line!
Always doing great, John! 👌
Thank you 🔥
Like the videos and your commitment .
Please keep it up mate
Great video!
to access the VPN of Hack The Box, do you have to be from Virtual Machine or does it also work on WSL2? Thank you
what does -sC do on nmap? I can't find that function anywhere on the manuals
This room when I did it definitely was more medium than easy definitely banged my head off the wall a few times
Hi why is it necessary to add an entry to the hosts file? How come IP address doesn't work?
I appreciate you and this channel
Thx for the great video John! Please make a video suggesting what subject software developers that are not in the penetration area could study to improve their coding skills avoiding hackers.
I think this is your first video I've yelled at the screen, lol.
Well, how do the teams work in the CTFs? I'm a newbie in this and never participated in any challenge. I wonder if it is worth looking for a team with random people or just do it on my own.
Btw, really great content John, I love to watch your struggles during free time. Also I've picked up few things from you, like the Terminator - my god, that was soo liberating experience :).
07:47 I don't use nano. I love vim. 😂😂😂😂
Great, learned a lot
So forgive me for the noob question but... well... I'm a complete noob.. do u just use sublime to make it more readable? I'm studying web development at the same time so I use visual studio code but just wondering if u do anything else with sublime besides just help u read it?
Hi John. I have a few questions about write-ups. Which is better hack with write-ups or without?
How to reach level oscp?
I'm working on government as CyberSecurity. I already have found a lot of bugs on websites government and after reports they have fixed is it helps me?
Thank you
Without any connection to your content, I want to have a beer with you
To anyone who has attempted the oscp, is this box harder or almost the same as the oscp exam machines?
gamer
I mean hacker but also gamer
Why am I reminded of Seth Rogen when John laughs
anyone know why he uses Ubuntu and not Kali Linux? is there a specific reason ??
Really love your video John !
John The Destroyer !
While watching John using the arbitrary file read exploit atm, I'm thinking: I'm a simple man, I see an exploit without a version number and the words "shell" and "code execution", I try it. I'm pretty sure I'm watching John heading down a rabbit hole right now
After watching some more, I guess I would probably be the one heading down a rabbit hole! Great vid as always. thanks for the content :)
Hi, this is Ubuntu virtualized in physical Ubuntu with VirtualBox?
The way to get root was really cool.
If there is one YT page I don't want to troll on it's this one. This dude is scary smart.
@@bogdan4706 ehhh.. I am a loooong way off from it. I have been taking network pen courses actively over the last year but all it's really teaching me is to be a script kiddie. This dude has a much deeper understanding of the mechanisms and actions of actual malware which makes me think he can throw together some wild stuff. Maybe in a few years I will think differently but he is pretty impressive to me!
@@PlzReturnYourShoppingCart Practice is the best teacher. If you forced yourself to play with those kinds of HackMe boxes for a couple of months non stop (of course starting at easy level first), you'd be able to do half if not more. You'd be surprised at how adaptable humans are
@@guiorgy Ya know, I really don't have family or friend support for learning these things. It's very much so of my own volition and I know that I basically know nothing. but the comment that @bogdan and you left really has a big impact on me. You guys being the only people that have made this knowledge feel within reach has such a positive and vividly assuring feeling for me. I am super thankful for the direction and positivity. Thank you so much! I mean it from the bottom of my heart. Thank you so much! These words you shared have a lot of weight to me.
What great people watch this channel! What a great community! I am very thankful!
@@PlzReturnYourShoppingCart To be honest, if a person is really passionate about something, they don't really need any support, but it's always better with it.
As for whether this can be your passion, honestly I don't think there's anybody that can say for sure until they at least try. In fact, sometimes it may take a lot of time trying to realise whether you are into it or not.
Here's a quote:
“The hardest part is starting. Once you get that out of the way, you’ll find the rest of the journey much easier.”
- Simon Sinek
Personally, I think that, if you believe something could become a real hobby/passion for you, you will regret more if you never try, than if you try but fail and realize it's not your thing.
In any case, hope you can find something that you really enjoy doing one day ;)
@@guiorgy For sure man. I have no plans on giving up. I love having the knowledge. Thanks for the good vibes!
what os? is he / are you running?
Ahh yea!
Respect!
They probably sent you the swag bag to showcase the contents of the prize XD
Can you please make a walkthrough video on SEA machine which is on HackTheBox (Though it is an easy machine, but I am learning all by myself and stuck) would you make it? I would be grateful 😊
How did he do that privilege escalation from dexter to root? Can someone please explain it to me?
When you run a command that isn't a bash builtin or the path to a specific file, the shell looks through the various directories in the PATH environment variable for an executable that matches your command. The shell looks through these directories from left to right though and it'll simply use the first one it finds. So, guessing that the docker-security file is executing the 'chmod' commands seen when catting out the binary, John made an executable shell script called "chmod" and put the path that it's located in at the front of the PATH environment variable. So, when he runs the docker-security binary, it will run this chmod instead of the normal chmod. Why does this help? Well, since the docker-security binary runs as root (it is setuid), it calls chmod as root which executes /bin/bash as root. This was only possible because the docker-security binary called chmod instead of /usr/bin/chmod, thus allowing us to control what is executed.
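The left-to-right PATH lookup described in the comment above, next to a safer way for a privileged program to launch a helper, as an added C example (not from the video or the commenter). The function names, the scratch directory and the harmless stub file are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Regular file with an execute bit set (simplified permission check). */
static int is_exec(const char *p)
{
    struct stat st;
    return stat(p, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 0111);
}

/* Resolve cmd as a shell would: a name containing '/' is used as given; a
 * bare name is searched in path left to right and the first match wins. */
int resolve_in_path(const char *cmd, const char *path, char *out, size_t len)
{
    if (strchr(cmd, '/')) { snprintf(out, len, "%s", cmd); return is_exec(out) ? 0 : -1; }
    for (const char *p = path;;) {
        const char *end = strchr(p, ':');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (n == 0) snprintf(out, len, "./%s", cmd);   /* empty entry = cwd */
        else snprintf(out, len, "%.*s/%s", (int)n, p, cmd);
        if (is_exec(out)) return 0;
        if (!end) return -1;
        p = end + 1;
    }
}

/* Hardened launch for a privileged program: absolute path only, no shell,
 * and a fixed environment instead of the caller's. Returns exit status. */
int run_helper_hardened(const char *abs_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    if (abs_path[0] != '/') return -1;             /* refuse bare names */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execve(abs_path, argv, clean_env); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo: a harmless stub named "chmod" in a scratch directory
 * listed first in a PATH string. Returns 1 if the stub shadows the real one. */
int demo_shadowed(void)
{
    char dir[64], stub[96], path[128], hit[256];
    snprintf(dir, sizeof dir, "/tmp/pathdemo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    snprintf(stub, sizeof stub, "%s/chmod", dir);
    FILE *f = fopen(stub, "w");
    if (f) { fputs("#!/bin/sh\nexit 0\n", f); fclose(f); chmod(stub, 0755); }
    snprintf(path, sizeof path, "%s:/usr/bin:/bin", dir);
    int rc = resolve_in_path("chmod", path, hit, sizeof hit);
    int shadowed = rc == 0 && strncmp(hit, dir, strlen(dir)) == 0;
    unlink(stub); rmdir(dir);
    return shadowed;
}

int main(void)
{
    printf("stub shadows real chmod: %d\n", demo_shadowed());
    return 0;
}
```

With an absolute path and a fixed environment, the caller's PATH never enters the decision about which file runs.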
@@mustafamotiwala2335 thank you very much !well explained.
Hack The Box is good for learners who want to learn hacking
Awesome stuff
Amazing, please make more HTB Videos!!!
I find I have found a few questions in my Cyber security learning app that doesn't mean what the words in the questions is asking like they a trick question to see the trick of them ones I will work out
This game you have for learning Cyber security I'm not sure if I was given the right real of that I can't get it loading properly to work that out
Wow. Who woulda thought that extraterrestrials would not only speak English, but know Python too?
just awesome :)
How do you prevent your channel from getting reported
I'm guessing a ctf doesn't count as instructional hacking since they are hosted by legitimate companies
Amazing as always
nice! though i have to change the playspeed to 0.75 :D
man !! been missing your videos lately...
Dude, I check daily... And I'm already ringing that bell icon... I feel this so much
Hey! Anybody taking part in CyberApocalypseCTF21? I'm newbie, around 70 rooms on THM, looking for team))
Hello I'm interested
Interested
@@nickswink7983 Awesome! Add me in discord: Twist#2576
Great Video!!
Qfs codo skills?
good video
It would be lot easier if you put the vulnerability that you will be exploiting in the description. Thanks.
Mhmm I think I understand the issue with scripts having the setuid bits, ehm I gotta go, got some paths to fix. :o
Ofs?pot codo details
Wow
This does not look like a Beginners level :D
Rip on the ctf. Teams only
Go long
before I watch this, these methods are rather slow now aren't they? lol maybe I should watch
hacking is the next gaming
Hey John - what's updog?
Pipe that to grep my man
Y’all still using python I’m on spython 😎
System windows for using one system also see how many systems also here how to connect, work files system
Hi
4weindrs looking one development ,1elmins,
I know that hack the box is very popular but it is crazy to think that working with it is sending me real game and using my learning to open everything Up to them in the wrong with me I hate to think that job that can save perfection to know the ethical from the identity thefts scammers using my identity for every 7 ethical is a criminal hacker I can see in my identity I have a new way to watch my own apps for my progress of myself with unstoppable knowledge and skills and talents
Cerd card filles yes/no comments skills
the 5 dislikes are black hats
The question to all people is, is this type of behavior from a normal person that does not have a YouTube channel accepted as not being crazy? Lmaooo
script kiddie in certain extent... honestly
Please make videos on cryptohack
Why u do not get angry about the struggle of the codings? Make a video where u struggle with coding and exploit all your angry against the people on youtube LOL
You talk a lot and say little.
Awesome video!
Ofs?pot codo details