can someone elaborate on the -p argument? I literally cant find any more info on it? Does it stand for permissions? How does this relate to the PE here? Thanks
found it.. .for anyone else. bash -c "help set" -p Turned on whenever the real and effective user ids do not match. Disables processing of the $ENV file and importing of shell functions. Turning this option off causes the effective uid and gid to be set to the real uid and gid.
i dont understand what the attacker did with the .overpass file? it outputs a string and after this he knows the user and password? i thougt it was maybe base64 enocoded but i was not able to decode this string to anything usable.
Dude I had user flag in about 30 minute of this thing the day it came out but then got stuck on priv esc as the hint had me thinking it had something to do with the ssh keys that were made. I finally had to step back and think, and then ran ls -a and felt so dumb.
Hi John thank you so much for your videos, you're doing a really great job and i really like how do you explain..... I was stopped in ssh login, I don't know why on my local machine I can't login cause I always had this massage: "Unable to negotiate with port 2222: no matching host key type found. Their offer: ssh-rsa", I was going crazy and I thought I was doing smth wrong at the end....but you confirmed in you video that my steps were right...so I used the online kali machine on THM and it works immediatly -.-" I can't really understand why I had this issue on my local vm... do you, or anybody else, have any idea (just for future situations)? thank you!!
Please stop presolving the rooms! I think it's much more interesting to see your struggles in real time (cutting if the struggles get too long) but I think it's far less fun watching you act it out. Thanks for taking some criticism, love your videos nonetheless!
I think I will start to do this on Twitch or something, where I'll take a look at a box for the very first time on a stream, but UA-cam could be reserved for the proper walkthrough video. Do you think that works as a good mix?
John Hammond That sounds like a good way to get both. I don’t know how often I’d be able to tune into the streams with work, but if you’re saving twitch vods I’d be sure to watch them. I think that seeing how you think about the rooms in real time is more beneficial to me personally than a walkthrough.
Ed Sheeran ah John the Ripper Hammond THANK YOU ! 💯🤟
Loving this series, wish it was your first attempt live though, would be great to follow your thought process!
the things i love in this series is i can see his thinking about something may be helpful at this situation.
Thanks, really love the extra information that leakes during the whole processes
loving the tryhackme content recently!
Good to get back on the saddle!
You have a natural ability for teaching. Ever consider doing a noob course on Udemy or on here?
thank you for the little push you gave me for the last part :) !
Let the hunger games begin
Hi John, thanks for the walk-through. Please, do you have a link to a documentation on the -p in the suid_bash command?
Octothorp ,best word
Octothorpe, understood man
great walkthrough! thanks again!
can someone elaborate on the -p argument? I literally cant find any more info on it? Does it stand for permissions? How does this relate to the PE here? Thanks
found it.. .for anyone else.
bash -c "help set"
-p Turned on whenever the real and effective user ids do not match.
Disables processing of the $ENV file and importing of shell
functions. Turning this option off causes the effective uid and
gid to be set to the real uid and gid.
Thank you so much was stuck at same point for so long
Awesome video John (the) Hammond.🤓
A living legend! Thanks a lot
why was development folder not visible to us during the attacking ?
Keep doing these. Thanks man
i dont understand what the attacker did with the .overpass file? it outputs a string and after this he knows the user and password? i thougt it was maybe base64 enocoded but i was not able to decode this string to anything usable.
Men, kinda miss the start . Therefore I will wait for a recording so I can follow well.@jjohn kudos for doing this box
what terminal multiplexer do you use ?
Cooctus Clan!
Thanks brother for the great content.
how do i know that why i used -p . or how do i know that i have to use -p without knowing whats inside the program
it's bcoz of bash
hi, any documentation why you set the options "-p" when you run ./.suid_bash?
It is actually given in the GTFOBins website look at the end of webpage
gtfobins.github.io/gtfobins/bash/
@@gurkiratsingh5165 thanks a lot
Really loving the content!
Looking at shibes. Like, Shiba Inus. It's what every self respecting person does on the internet.
Dude I had user flag in about 30 minute of this thing the day it came out but then got stuck on priv esc as the hint had me thinking it had something to do with the ssh keys that were made. I finally had to step back and think, and then ran ls -a and felt so dumb.
Hey, I got hacked on my business page and was confused but then I was referred to magicalhack on IG. He got my account recovered, I recommend him.
Now that you are doing this tryhackme stuff, will you go back to doing some more CTF Challenges (harder ones, that take more than 5+ min to solve)
What sort of challenges do you want to see?
@@_JohnHammond why not RE chals?
Whats the name of the outro song your using in your videos ?
That is Lost Sky - Fearless
@@_JohnHammond Thanks john , just had to comment something for UA-cam's algorithm xD
hey !! wanna ask you something! can you bypass icloud authentification with these codes and stuff ???
If he could, Apple would pay him about $250,000 to tell them how, in which case they'd patch it, and he wouldn't be able to anymore.
Looking at shibes xD doge woof woof
lol shibe = shiba Inu. A prevalent theme in THM mod group. Even they have a bot command for that. :-P
Hi John thank you so much for your videos, you're doing a really great job and i really like how do you explain..... I was stopped in ssh login, I don't know why on my local machine I can't login cause I always had this massage: "Unable to negotiate with port 2222: no matching host key type found. Their offer: ssh-rsa", I was going crazy and I thought I was doing smth wrong at the end....but you confirmed in you video that my steps were right...so I used the online kali machine on THM and it works immediatly -.-" I can't really understand why I had this issue on my local vm... do you, or anybody else, have any idea (just for future situations)? thank you!!
With the Option -oHostKeyAlgorithms=+ssh-rsa you can force to use the Algorithm the Server wants
@@gtb7878 I have same Uneven problem and when I use this it work! , thanks
@@abdullahwebde692 nice to hear it worked! :)
Any advive to where to start on try hack me ?
/
octothorpe ?!?
do your job mr.Algorithm thing)
You r the best for ctf
❤️
Try Overpass 3
Hello Everyone i am John Hammond and I am the Winner
Try the Recovery Room. tryhackme.com/room/recovery
Reyal files this reyal files.🤝🙏🙏🔥retoo time 👀?.
K
Please stop presolving the rooms! I think it's much more interesting to see your struggles in real time (cutting if the struggles get too long) but I think it's far less fun watching you act it out. Thanks for taking some criticism, love your videos nonetheless!
I think I will start to do this on Twitch or something, where I'll take a look at a box for the very first time on a stream, but UA-cam could be reserved for the proper walkthrough video. Do you think that works as a good mix?
John Hammond That sounds like a good way to get both. I don’t know how often I’d be able to tune into the streams with work, but if you’re saving twitch vods I’d be sure to watch them.
I think that seeing how you think about the rooms in real time is more beneficial to me personally than a walkthrough.
@@_JohnHammond I would follow and subscribe to you live streaming on any platform for real-time solves.