“Wrestling with the machine” is good. The best part of your videos is seeing your thought process including how you adjust to obstacles.
Sometimes I forget you already know how to complete the box and you know what this stuff is. You deserve an Oscar my friend.
So crazy how I watched this video a few months back not understanding anything of what you’re doing, and now I’m almost able to do it myself
I always enjoy your videos John. Thanks for taking us through your thought process. I'm not a "programmer" yet but I learnt something basic from watching your show, you always seems to put the structures first very quickly then customize it to suit the mission. Very nice. Lots to learn and I know your channel will be a major influence to my goal of becoming a pro.
I've said it once and I'll say it again, so extremely happy these videos are back! Really missed them so much! Would also love a live stream of your attempt at a room!
Make a video pentesting and creating the report simultaneously as you do in certifications or real life pentests.
Fantastic video John! I agree with some of the others, "wrestling with the machine" is where the golden bits come from imo. Seeing how you pivot and adapt to obstacles, plus just your thought process in general, is probably the most valuable take away!
Excellent. Even if you know what he's doing or not, even if you can follow his commands or not, even if you already did something similar in a HTB or THM or CTF. Excellent explanation step by step. I've been following your content for a while already, and this one was just on point both in quality and complexity. Keep the freaking awesome job you're doing. Thanks a lot for sharing.
you did some blue magic with your eyes
This was a simple box?? Man I have a lot to learn.
Thanks John
Nice to see an HTB on here. Gonna compare notes with Ippsec after this. See if you guys fry an egg the same way.
When looking for obscure executables/commands on a system, wouldn't it be better to use whereis instead of which?
LOVE FROM NEPAL @John Hammond
Nepal n00b... First fix your government and Oli (Hate from India!)
33:58 is why I prefer THM over HTB lol
John and his fancy smancy shells
awesome video, I've learned a lot, thank you so much
That's awesome htb ctf keep doing more videos
I really enjoyed your video! Thank you
You're the best teacher hacker...
Love from India 😍😎
amazing. thank you !
Why do you never use Burp Suite? I feel like it would have been easier to do this in Burp.
Amazing 👏👏
I kind of suck at priv esc. So here’s a question. In the /bin/sysinfo, couldn't he run /bin/sysinfo -p to become root?
he could run sysinfo as root, but only that program as root
@yixunnnn ohhh I see, I see. I thought he could maybe run the /bin/sysinfo -p to keep his privileges as root
Excellent video!
I hate to ask but would you do a basic command video and how to use them
Hey John, any specific reason you always include quotes around your url arguments? Had issues in the past?
I guess just habit -- I think I like to have it "explicit" so when I can and I do as a reflex, I'll try to put quotes around things. :) Thanks for watching!
awesome
I have been trying to use the ovpn in Kali but it gives me openssl error
I love your content
"lets not waste any time..." (proceeds to waste everyone's time)
really awesome man👌👌👏👏
Make some king of the hill tricks like persistence or killing others shell
Please can you do same with NodeJS
It's a great video, but I did not understand how we go from open, create same file which gets us root shell, and then root not showing anything; the ending was very confusing.
The binary that he ran had a SUID bit, meaning that you run it with the privileges of the creator, being root. (Someone please correct me if I'm wrong.)
Since the binary (sysinfo) included a popen(lshw, blabla) command, he made a bash (or shell? Don't remember) script that he then added to his path, thus prioritizing it over others. By adding the -p to bash, he keeps the euid (effective user id provided by SUID --> he is now root) in the new instance!
But, there was no output, so he cleverly added a sticky bit to bash in general. So when he ran it again, he kept his root euid.
Hope this makes some sense. And if anyone finds mistakes, feel free to correct me!
@nohandle13 Thanks a lot for the explanation, really appreciate that
@MrPaddy35 no problem! Glad to help :)
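The thread above describes a SUID program that calls popen() with a bare command name, so the lookup goes through /bin/sh and the caller's PATH. As an added example (not code from the video or from the sysinfo binary), here is the hardened form of that call in C: the helper is named by absolute path, runs via execve() with a fixed environment and no shell, and the child gives up the SUID identity first. The names `run_helper` and `clean_env` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run a helper by absolute path, with a fixed environment and no shell.
 * Captures up to cap-1 bytes of its stdout in out.
 * Returns the helper's exit status, or -1 on error or rejected input. */
int run_helper(char *const argv[], char *out, size_t cap)
{
    /* Fixed, minimal environment: the caller's PATH is never consulted. */
    static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int fds[2], status;
    size_t used = 0;
    ssize_t n;

    if (cap == 0 || argv == NULL || argv[0] == NULL || argv[0][0] != '/')
        return -1;                 /* reject names that would need a PATH lookup */
    out[0] = '\0';
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                /* child */
        /* Assumption: the helper does not need root, so drop back to the
         * real uid/gid permanently before executing anything. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(126);
        close(fds[1]);
        execve(argv[0], argv, clean_env);  /* execve, not execvp: no search, no /bin/sh */
        _exit(127);                /* exec failed */
    }
    close(fds[1]);
    while (used < cap - 1 && (n = read(fds[0], out + used, cap - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A bare name such as `lshw` is refused outright, so a directory prepended to PATH by the calling user has nothing to influence.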
Why do double extensions bypass the file type filter?
What bypasses the filter is the last extension (png in .php.png), in addition to the PNG magic bytes.
Reminds me of the .asp;.png thing from IIS6
Hey John, what kind of terminal do you use?
It's called Terminator
Just a guess, but I think the reason you did not get output from your `/bin/bash -p` was, that popen was not connected to stdout or that it does not return anything to stdout until it exits.
The last remark is correct. It will output to stdout once bash exits, so if he would have scrolled up to the beginning of the output he would've spotted the output of his commands.
I Think your eye is happening something
Hey very good...but you some take a rest because of your eyes be really red😘❤🧡💛💚💙💜🖤🤍
playing @ 0.75x speed
pwncat is trying to do helpful things but stability suffers, can't wait till it gets more stable, will be perfect.
Ok easy to task websites 👍
so, a hot woman next to me in a gym (threadmill) - why are you watching that man??? LOL
He's like a budget Ed Sheeran with hacking skills :P
Man why don't you make a video on your os you are using for pentesting
linux
🤼♀️
meta data smart one exif that shit
K
Hey John please continue making htb machine videos after they get retired
Python3: bytes.fromhex("0a0a0a")
you are over working ...take it easy
J I F F S
This is Oscar level acting
Awesomely amazing video, Sir! I’m learning a lot from you side by side with tryhackme and other informational videos! Keep up the great work!
I love watching these videos but I can't even create a basic page with HTML. I literally have no idea what you are doing
You look so tired .. take a rest bro ...
You look like an idiot. take a dirt nap.
nerd
Blind to work hoto pasbloo