TryHackMe - Vulnversity Walkthrough
Вставка
- Опубліковано 5 вер 2024
- In this video, I will be taking you through the Vulnversity challenge on TryHackMe. We will go through the process of reconnaissance, web application exploitation, and Linux privilege escalation.
-----------------------------------------------------------------------------------
BLOG ►► bit.ly/3qjvSjK
FORUM ►► bit.ly/39r2kcY
ACADEMY ►► bit.ly/39CuORr
-----------------------------------------------------------------------------------
TWITTER ►► bit.ly/3sNKXfq
INSTAGRAM ►► bit.ly/3sP1Syh
LINKEDIN ►► bit.ly/360qwlN
PATREON ►► bit.ly/365iDLK
MERCHANDISE ►► bit.ly/3c2jDEn
-----------------------------------------------------------------------------------
CYBERTALK PODCAST ►► open.spotify.c...
-----------------------------------------------------------------------------------
We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
-----------------------------------------------------------------------------------
Thanks for watching!
Благодарю за просмотр!
Kiitos katsomisesta
Danke fürs Zuschauen!
感谢您观看
Merci d'avoir regardé
Obrigado por assistir
دیکھنے کے لیے شکریہ
देखने के लिए धन्यवाद
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
-----------------------------------------------------------------------------------
#CTF#TryHackMe
To fix the Error in 12:24 you need to disable URL-encoding under: Intruder/Payloads/Payload Encoding (in Burp Suite)
Thank you for your help, it took me 3 hours until I found your comment.
Nice! Thank you.
OMG THANK YOU!!!!
спасибо, легенда
Thanks for this. I NEVER would have figured out that priv-esc at the end.
Very good tutorial til 19:00 where I really feel you need to slow down alot. For all i know u were just saying random words at this point and it was impossible to follow as someone who is just learning this stuff, I can obviously replicate what u are doing and get the flag myself but it feels completely pointless when I have no idea any of the reasoning behind any of what is happening
You can slow the speed of the video down in youtube.
Whenever I am jammed up, you always help me through. ...one point though your screen is blurred at times, hard to see commands. Love your teaching, so easy to grasp the material.
Thanks for the feedback, we will work on improving the visibility of text in future videos.
@@HackerSploit I have returned many times to review your videos, I find the quality of your content very good, and even when your looking to solve some little issue that's blocking progress you expose the reality of what pro's encounter too, not just noobs like me. A 1000 thanks for making videos I can follow and learn from.
Thank you very much! Without your video I'm NOT going to make the box! Very complicated for beginner (1 year THM). But it takes me 4 hours because I wrote it all in CherryTree document myself, made a personel WT with comments😁😂
Hello in the minute 10:47 you just have to look in "Response" header, even though its returning 200, in the "Response" you will see "Extension not allowed" and for the case of phtml it will put "uploaded"
Sir, Can you make a full video on how to choose a target for bug hunting, how you gather information/ recon and then exploit it... which tools you use in daily basis for bug hunting with in-depth guide... I cannot find bugs even after spending weeks. I try very hard and rarely found any bugs ..... please sir make a full video of bug hunting with real world situations... btw I love your content...
hackerone and bugcrowd
you are the real teacher in Pentesting
Why you are using different location for wordlists ? I couldn't find any file on your specified location where do I find common.txt?
I last understood at nmap and boom things quickly escalated to a point were my brain felt like it's melting .... Where can I learn all this from sir ???? Thanks
unfortunately that is the common theme among most of the tutorials: either they suck at teaching or showing off how fast they do stuff, since they have been doing it for so long.
@@Andre-jp4yt I was like, "Damn...I'VE been doing this for awhile and this guy is racing through this 'tutorial'".
@@iCyberVenom I mean it’s tryhackme which is the easiest road you can take, pure hold your hand.
Loving this series!
If you wonder why intruder fails to determine which extension is allowed, i don't know as well :) but anyway i have a solution for that.
Instead of highlighting whole extension (i.e. $.php$) just highlight the part after dot ($php$)
Then go to payload section, add extensions without dot ( php, php3....phtml).
Start the attack. youll see phtml gives different response code. As we expected...
Just tested and it worked ! Thanks a lot =)
Btw, why the different length = the allowed extension ? Cause code return is shorter ?
@@Paciificatrice maybe 🤔
@Goochisz Magoochisz its been a long time since i quit cyber security. i cant help about such a problem anymore...
Bro I need become Master in Ethical Hacking but I am confused how to become please help me what to do what not to do please tell me
hey am having a problem with trychackme, when i use the attack box everything is fine but when i use openvpn i can ping the machine , BUT : the nmap results are not very accurate for exemple i don't get the squid version i get the open port with "squid ?", and i can't gobuster or any similar tool , and when i put :3333 in the browser nothing shows up , same if i use curl ip:3333 no response ... please anyone help ? am new to tryhackme and it seems like a very usefull learning platform that i want to try :')
I'm facing same problem :-( .. new to tryhackme..
@@skullya874 hi guys seems that you have not opened to the vpn try sudo openvpn (filename).ovnp
You are an excellent teacher I am very happy to be a pupil of your alexis.
From Dipanshu kumar
India
why doesn't work the path for gobuster?
This looks sick and I have only watched 46 seconds of the video
Best security tutor on the internet 😍✌️
Hey bro
what should i do when while in 22:20 part when i execute systemctl start root in my terminal it says mesg: ttyname failed: Inappropriate ioctl for device and dont let me connect? ive searched it and its also a vagrant problem but all solutions seems to be realted to it.
What software are you using to perform the scans?
Thank you sir! it is really helping me sir🤩🤩
la partie root je ne pouvais même pas imaginer merci merci
Thank you my idol...Love from Bangladesh
You should have troubleshot the issue at 12:24
You need to disable URL-encoding under: Intruder/Payloads/Payload Encoding (in Burp Suite)
I get to the Part where I create the HTTPSimple Server on Port 80, It serves root.service BUT it wont execute root from systemctl it will enable root.service but wont allow me to execute root any ideas anyone? Im stuck......
systemctl enable /tmp/root.service doesn't work for me i get the error Failed to execute operation: No such file or directory. could someone explain to me whats going on wrong?
How did u know all of that command
He have brain
@@hackphiles3.031 😂😂😂😂😂
Waited for your video
Bro make video on how to hack base attack force
Plz tell which linux distro is good for (Raspberry pi 4 model B 8 Gb ram) for ethical hacking pentesting or cyber security
Do me a solid, make video on how to run kali in usb live more efficiently, its super slow, but there must be way or what good a usb live is? Also thank you for effort, you're work means a lot to us.
try parrot os, disable service that eat ram
In privEsc step this error occured.
$ systemctl enable /tmp/root.service
Failed to execute operation: Unit file is masked
Any Fix?
same
Hey there, right at 1:02 he says he's already performed this scan and everything is based on the results from the scan that happened prior to the video. I saw that he even grepped some info from a .txt file with the nmap results. what switches were used with the initial nmap cmd? I feel like I am missing something simple here. Thanks.
I always perform the Nmap scan beforehand to save time during the actual process. The .txt file that I used was an output from the Nmap scan. The Nmap flags and options are displayed at the top of the file. Take a close look at the first few lines and you will identify the scan options I used.
18:29 is the bookmark for me
As a complete beginner, how should I fucking know the syntax of writing the service, really, they are just saying find root CTF, how dafaq should I get into this?? they were also not explaining this one in previous room. But thanks for your effort.
systemctl enable /tmp/root.service is given error "Failed to execute operation: Invalid argument" any help will be appreciated
same to me
Can you do a distro review on garuda blackarch edition plz
Bro that's one top distro
#suggestions
I did everything to install gobuster. Even git cloned it. Im looking right at the fact that its installed after that and its saying gobuster command not found.
Try launching it from bash instead of zsh if you are using Kali.
Can I use sqlmap to view the data of inaccessible websites?
Hey there hsploit, back again
😃😃🤟😌 great video...🙂
For the same nmap command/options, I'm not getting squid version or webserver open port number ☹ :-(
You'll need to use the IP of the active machine (Vulnversity) instead of the IP of the attack box that you are using
Seriously if you are not able to understand why burp isn't giving the good results how are we suppose to understand ?? Very bad that's not a way to teach.
There is a bug on my machine, there is no port 3333 from the nmap scan but it accepts the 3333 port answer...
you need to specify -p- to scan all 65535 ports, not specifying it scans only top 1000 ports.
tack p tack
can you please tell me, what "-print 2" mean in the find command? 17:06
-print 2>/dev/null
redirect errors to dev/null
Sir. Make full video on xerxes. How it works.
Do more TryHackMe stuff pls
bro help me
why in my case is always connecting on 21:55
So i used visual studio cause vim is trash, vs will make sure that the syntax is correct which i still somehow looked pass it and took me like 4 tries lol
Bro can u make a video on how to start on try hack me from beginning, those who don't have any guide about it.
Thannnnk Yooooooooooou soooooooooooooo muuuuuuuuuuuch!!!!!!!!
@HackerSploit hey in your android hacking series you mentioned about making a video on obfuscation and manual port forwarding but you havent ...... i would really appreciate it if you did make those videos
Sir where do you get that python SimpleHTTPServer?
put the root.service inside a folder, then open terminal in that folder and start the server, that will host the content of the folder.
Btw, the command for python3 is: python3 -m http.server 80
Thank you that worked perfectly once I got the root.service file without typos. LOL
If u share maximum mannual exploitation video pls
ty
Can you show a rat for andriod
Thanks 🙏
Dear fellow viewers,
Don't forget the apostrophe after 0>&1 when creating root.service. Save yourself the minutes of frustration I endured trying to figure out the issue.
Sincerely,
Some dude on the internet
Hi , I have a question is it necessary to get get certified as CEH ?
Nope you can learn hacking without ceh
It will only give you a road map (spoon feeding) it is also very expensive
@@parthvats3635 Thank you brother for your information , How about job opportunities will company heir without CEH?
Great video
Nice your videos
Hey dude... Amazing video...😌 I love it🤟 hey do you recommend any books to learn hacking 🤔 or can you make a video about it please....😶
I need one help how to hack group
Like a imo group and Facebook group and WhatsApp group?
Bro proxy chains video 2021
R u learnin?
Thanks
Noiiice
thx
spelling wordlist as worldlist haha got to hate simple typos and throwing the user for a loop
спасибо за видео
How can I contact you ?
How I contact you
@@smartvj2018 mastershadow1018@gmail.com
@@mastershadow2802 thank you.. Bro
💙
hello
Hehe... here we go!!!
Can you prepare some reverse engineering stuff? Stop doing basic videos thx.
How hack social media account?
If you tell me I will pay for you really not joking plz this most importantly for me plz ryp me
Hey Hackersploit, why am I getting this error when updating my Kali Linux?
404 Not Found [IP: 91.189.95.85.80]