Hello in the minute 10:47 you just have to look in "Response" header, even though its returning 200, in the "Response" you will see "Extension not allowed" and for the case of phtml it will put "uploaded"
Thank you very much! Without your video I'm NOT going to make the box! Very complicated for beginner (1 year THM). But it takes me 4 hours because I wrote it all in CherryTree document myself, made a personel WT with comments😁😂
Whenever I am jammed up, you always help me through. ...one point though your screen is blurred at times, hard to see commands. Love your teaching, so easy to grasp the material.
@@HackerSploit I have returned many times to review your videos, I find the quality of your content very good, and even when your looking to solve some little issue that's blocking progress you expose the reality of what pro's encounter too, not just noobs like me. A 1000 thanks for making videos I can follow and learn from.
Very good tutorial til 19:00 where I really feel you need to slow down alot. For all i know u were just saying random words at this point and it was impossible to follow as someone who is just learning this stuff, I can obviously replicate what u are doing and get the flag myself but it feels completely pointless when I have no idea any of the reasoning behind any of what is happening
Sir, Can you make a full video on how to choose a target for bug hunting, how you gather information/ recon and then exploit it... which tools you use in daily basis for bug hunting with in-depth guide... I cannot find bugs even after spending weeks. I try very hard and rarely found any bugs ..... please sir make a full video of bug hunting with real world situations... btw I love your content...
I last understood at nmap and boom things quickly escalated to a point were my brain felt like it's melting .... Where can I learn all this from sir ???? Thanks
unfortunately that is the common theme among most of the tutorials: either they suck at teaching or showing off how fast they do stuff, since they have been doing it for so long.
what should i do when while in 22:20 part when i execute systemctl start root in my terminal it says mesg: ttyname failed: Inappropriate ioctl for device and dont let me connect? ive searched it and its also a vagrant problem but all solutions seems to be realted to it.
hey am having a problem with trychackme, when i use the attack box everything is fine but when i use openvpn i can ping the machine , BUT : the nmap results are not very accurate for exemple i don't get the squid version i get the open port with "squid ?", and i can't gobuster or any similar tool , and when i put :3333 in the browser nothing shows up , same if i use curl ip:3333 no response ... please anyone help ? am new to tryhackme and it seems like a very usefull learning platform that i want to try :')
I get to the Part where I create the HTTPSimple Server on Port 80, It serves root.service BUT it wont execute root from systemctl it will enable root.service but wont allow me to execute root any ideas anyone? Im stuck......
Hey there, right at 1:02 he says he's already performed this scan and everything is based on the results from the scan that happened prior to the video. I saw that he even grepped some info from a .txt file with the nmap results. what switches were used with the initial nmap cmd? I feel like I am missing something simple here. Thanks.
I always perform the Nmap scan beforehand to save time during the actual process. The .txt file that I used was an output from the Nmap scan. The Nmap flags and options are displayed at the top of the file. Take a close look at the first few lines and you will identify the scan options I used.
If you wonder why intruder fails to determine which extension is allowed, i don't know as well :) but anyway i have a solution for that. Instead of highlighting whole extension (i.e. $.php$) just highlight the part after dot ($php$) Then go to payload section, add extensions without dot ( php, php3....phtml). Start the attack. youll see phtml gives different response code. As we expected...
systemctl enable /tmp/root.service doesn't work for me i get the error Failed to execute operation: No such file or directory. could someone explain to me whats going on wrong?
I did everything to install gobuster. Even git cloned it. Im looking right at the fact that its installed after that and its saying gobuster command not found.
put the root.service inside a folder, then open terminal in that folder and start the server, that will host the content of the folder. Btw, the command for python3 is: python3 -m http.server 80
Do me a solid, make video on how to run kali in usb live more efficiently, its super slow, but there must be way or what good a usb live is? Also thank you for effort, you're work means a lot to us.
As a complete beginner, how should I fucking know the syntax of writing the service, really, they are just saying find root CTF, how dafaq should I get into this?? they were also not explaining this one in previous room. But thanks for your effort.
@HackerSploit hey in your android hacking series you mentioned about making a video on obfuscation and manual port forwarding but you havent ...... i would really appreciate it if you did make those videos
So i used visual studio cause vim is trash, vs will make sure that the syntax is correct which i still somehow looked pass it and took me like 4 tries lol
Seriously if you are not able to understand why burp isn't giving the good results how are we suppose to understand ?? Very bad that's not a way to teach.
Dear fellow viewers, Don't forget the apostrophe after 0>&1 when creating root.service. Save yourself the minutes of frustration I endured trying to figure out the issue. Sincerely, Some dude on the internet
To fix the Error in 12:24 you need to disable URL-encoding under: Intruder/Payloads/Payload Encoding (in Burp Suite)
Thank you for your help, it took me 3 hours until I found your comment.
Nice! Thank you.
OMG THANK YOU!!!!
спасибо, легенда
Thanks for this. I NEVER would have figured out that priv-esc at the end.
Hello in the minute 10:47 you just have to look in "Response" header, even though its returning 200, in the "Response" you will see "Extension not allowed" and for the case of phtml it will put "uploaded"
Thank you very much! Without your video I'm NOT going to make the box! Very complicated for beginner (1 year THM). But it takes me 4 hours because I wrote it all in CherryTree document myself, made a personel WT with comments😁😂
Whenever I am jammed up, you always help me through. ...one point though your screen is blurred at times, hard to see commands. Love your teaching, so easy to grasp the material.
Thanks for the feedback, we will work on improving the visibility of text in future videos.
@@HackerSploit I have returned many times to review your videos, I find the quality of your content very good, and even when your looking to solve some little issue that's blocking progress you expose the reality of what pro's encounter too, not just noobs like me. A 1000 thanks for making videos I can follow and learn from.
Very good tutorial til 19:00 where I really feel you need to slow down alot. For all i know u were just saying random words at this point and it was impossible to follow as someone who is just learning this stuff, I can obviously replicate what u are doing and get the flag myself but it feels completely pointless when I have no idea any of the reasoning behind any of what is happening
You can slow the speed of the video down in youtube.
Sir, Can you make a full video on how to choose a target for bug hunting, how you gather information/ recon and then exploit it... which tools you use in daily basis for bug hunting with in-depth guide... I cannot find bugs even after spending weeks. I try very hard and rarely found any bugs ..... please sir make a full video of bug hunting with real world situations... btw I love your content...
hackerone and bugcrowd
Why you are using different location for wordlists ? I couldn't find any file on your specified location where do I find common.txt?
Loving this series!
you are the real teacher in Pentesting
why doesn't work the path for gobuster?
Best security tutor on the internet 😍✌️
Hey bro
I last understood at nmap and boom things quickly escalated to a point were my brain felt like it's melting .... Where can I learn all this from sir ???? Thanks
unfortunately that is the common theme among most of the tutorials: either they suck at teaching or showing off how fast they do stuff, since they have been doing it for so long.
@@Andre-jp4yt I was like, "Damn...I'VE been doing this for awhile and this guy is racing through this 'tutorial'".
@@iCyberVenom I mean it’s tryhackme which is the easiest road you can take, pure hold your hand.
Waited for your video
Thank you my idol...Love from Bangladesh
what should i do when while in 22:20 part when i execute systemctl start root in my terminal it says mesg: ttyname failed: Inappropriate ioctl for device and dont let me connect? ive searched it and its also a vagrant problem but all solutions seems to be realted to it.
Thank you sir! it is really helping me sir🤩🤩
What software are you using to perform the scans?
You are an excellent teacher I am very happy to be a pupil of your alexis.
From Dipanshu kumar
India
In privEsc step this error occured.
$ systemctl enable /tmp/root.service
Failed to execute operation: Unit file is masked
Any Fix?
same
hey am having a problem with trychackme, when i use the attack box everything is fine but when i use openvpn i can ping the machine , BUT : the nmap results are not very accurate for exemple i don't get the squid version i get the open port with "squid ?", and i can't gobuster or any similar tool , and when i put :3333 in the browser nothing shows up , same if i use curl ip:3333 no response ... please anyone help ? am new to tryhackme and it seems like a very usefull learning platform that i want to try :')
I'm facing same problem :-( .. new to tryhackme..
@@skullya874 hi guys seems that you have not opened to the vpn try sudo openvpn (filename).ovnp
This looks sick and I have only watched 46 seconds of the video
I get to the Part where I create the HTTPSimple Server on Port 80, It serves root.service BUT it wont execute root from systemctl it will enable root.service but wont allow me to execute root any ideas anyone? Im stuck......
Hey there, right at 1:02 he says he's already performed this scan and everything is based on the results from the scan that happened prior to the video. I saw that he even grepped some info from a .txt file with the nmap results. what switches were used with the initial nmap cmd? I feel like I am missing something simple here. Thanks.
I always perform the Nmap scan beforehand to save time during the actual process. The .txt file that I used was an output from the Nmap scan. The Nmap flags and options are displayed at the top of the file. Take a close look at the first few lines and you will identify the scan options I used.
Plz tell which linux distro is good for (Raspberry pi 4 model B 8 Gb ram) for ethical hacking pentesting or cyber security
Bro I need become Master in Ethical Hacking but I am confused how to become please help me what to do what not to do please tell me
systemctl enable /tmp/root.service is given error "Failed to execute operation: Invalid argument" any help will be appreciated
same to me
Can I use sqlmap to view the data of inaccessible websites?
If you wonder why intruder fails to determine which extension is allowed, i don't know as well :) but anyway i have a solution for that.
Instead of highlighting whole extension (i.e. $.php$) just highlight the part after dot ($php$)
Then go to payload section, add extensions without dot ( php, php3....phtml).
Start the attack. youll see phtml gives different response code. As we expected...
Just tested and it worked ! Thanks a lot =)
Btw, why the different length = the allowed extension ? Cause code return is shorter ?
@@Paciificatrice maybe 🤔
@Goochisz Magoochisz its been a long time since i quit cyber security. i cant help about such a problem anymore...
systemctl enable /tmp/root.service doesn't work for me i get the error Failed to execute operation: No such file or directory. could someone explain to me whats going on wrong?
I did everything to install gobuster. Even git cloned it. Im looking right at the fact that its installed after that and its saying gobuster command not found.
Try launching it from bash instead of zsh if you are using Kali.
can you please tell me, what "-print 2" mean in the find command? 17:06
-print 2>/dev/null
redirect errors to dev/null
Sir where do you get that python SimpleHTTPServer?
put the root.service inside a folder, then open terminal in that folder and start the server, that will host the content of the folder.
Btw, the command for python3 is: python3 -m http.server 80
For the same nmap command/options, I'm not getting squid version or webserver open port number ☹ :-(
You'll need to use the IP of the active machine (Vulnversity) instead of the IP of the attack box that you are using
Do me a solid, make video on how to run kali in usb live more efficiently, its super slow, but there must be way or what good a usb live is? Also thank you for effort, you're work means a lot to us.
try parrot os, disable service that eat ram
la partie root je ne pouvais même pas imaginer merci merci
There is a bug on my machine, there is no port 3333 from the nmap scan but it accepts the 3333 port answer...
you need to specify -p- to scan all 65535 ports, not specifying it scans only top 1000 ports.
tack p tack
How did u know all of that command
He have brain
@@hackphiles3.031 😂😂😂😂😂
😃😃🤟😌 great video...🙂
bro help me
why in my case is always connecting on 21:55
Can you do a distro review on garuda blackarch edition plz
Bro that's one top distro
#suggestions
Hey there hsploit, back again
18:29 is the bookmark for me
Hi , I have a question is it necessary to get get certified as CEH ?
Nope you can learn hacking without ceh
It will only give you a road map (spoon feeding) it is also very expensive
@@parthvats3635 Thank you brother for your information , How about job opportunities will company heir without CEH?
Hey dude... Amazing video...😌 I love it🤟 hey do you recommend any books to learn hacking 🤔 or can you make a video about it please....😶
Thank you that worked perfectly once I got the root.service file without typos. LOL
As a complete beginner, how should I fucking know the syntax of writing the service, really, they are just saying find root CTF, how dafaq should I get into this?? they were also not explaining this one in previous room. But thanks for your effort.
Do more TryHackMe stuff pls
Sir. Make full video on xerxes. How it works.
Thannnnk Yooooooooooou soooooooooooooo muuuuuuuuuuuch!!!!!!!!
You should have troubleshot the issue at 12:24
You need to disable URL-encoding under: Intruder/Payloads/Payload Encoding (in Burp Suite)
@HackerSploit hey in your android hacking series you mentioned about making a video on obfuscation and manual port forwarding but you havent ...... i would really appreciate it if you did make those videos
Can you show a rat for andriod
Great video
Bro can u make a video on how to start on try hack me from beginning, those who don't have any guide about it.
Nice your videos
So i used visual studio cause vim is trash, vs will make sure that the syntax is correct which i still somehow looked pass it and took me like 4 tries lol
If u share maximum mannual exploitation video pls
I need one help how to hack group
Bro make video on how to hack base attack force
R u learnin?
Thanks 🙏
ty
Noiiice
Seriously if you are not able to understand why burp isn't giving the good results how are we suppose to understand ?? Very bad that's not a way to teach.
How can I contact you ?
How I contact you
@@smartvj2018 mastershadow1018@gmail.com
@@mastershadow2802 thank you.. Bro
спасибо за видео
Bro proxy chains video 2021
Like a imo group and Facebook group and WhatsApp group?
💙
Thanks
Hehe... here we go!!!
thx
spelling wordlist as worldlist haha got to hate simple typos and throwing the user for a loop
hello
How hack social media account?
Can you prepare some reverse engineering stuff? Stop doing basic videos thx.
If you tell me I will pay for you really not joking plz this most importantly for me plz ryp me
Dear fellow viewers,
Don't forget the apostrophe after 0>&1 when creating root.service. Save yourself the minutes of frustration I endured trying to figure out the issue.
Sincerely,
Some dude on the internet
Hey Hackersploit, why am I getting this error when updating my Kali Linux?
404 Not Found [IP: 91.189.95.85.80]