TryHackMe! Wget for Privilege Escalation
- Published 28 Nov 2024
- If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnh...
GitHub: github.com/Joh...
Site: www.johnhammond...
Twitter: / _johnhammond
"That's not how you drink drinks"
- john hammond 2020
loved the root pwd overwrite technique!
Excuse my language but who the FUCK disliked this upload, it's very upfront and showcases simplicity in privilege escalation. This video is very well done. Thanks John!
Thanks John. This was helpful. We learn something new everyday with you.👍
Great video again John!!! I didn't think about replacing the passwd file with our own. Cool solution!
wget technique is awesome, I was struggling in CTF.Live in one of very similar priv esc challenges but missing password generation technique, great I learned something new. Thanks bro
I am SO glad I came across this video. I didn't want to just get the root flag, I wanted to actually root the machine, but couldn't figure out how. Thank you so much!
You're amazing..keep on going!!!
God, I love this guy♥️
That moment when the cute peas appears is priceless! Great vid as always, thanks John.
We love you man
Keep them coming
Thank you sir..Enjoyed Very Much
Bravo, master!
That was awesome watching you work kudos from Tea4Two
loved that privesc technique, awesome stuff, as always :)
loved how you typed the words..awesome technique
Nice Job Sir
Awesome video again. Thanks.
Awesome as ever thanks!
Amazing thank you
Very cool tbh, I would have never thought to change the password with your own that was very cool😂😂😍
Congrats on 80k!
Great video John, learned something new today :)
Learnt so much from this
This is what I am waiting for
What a great concept, love the vid:D
That was amazing !!
Please tell me your ring tone is the crescendo of the Jurassic Park theme song.
yay johns guna be on
that was actually tuff how long have you been doing this
Linpeas ..👌
that was useful thanks john
Using export for variables in the terminal.... why have I not done this years ago! Thanks
very cool
Loved it a lot
Thank you. Probably I shouldn't allow anyone sudo without password especially with sort of wildcard command.
Nice john
are you using terminator? and if so how did you make it so colorful when you do ls -la and other things. the background for my terminator is completely black and I don't have any colors only white for text, green for executable files and blue for my path, also loved the video!
can you explain what was that "nmap/initial" you did there with other commands ??
-oN/-oX/-oS/-oG : Output scan results in normal, XML, s|
"Mkdir nmap/initial" makes a directory in the nmap folder called initial; if the nmap directory doesn't exist it creates one.
@mccoysebrell630 thanks
Do you have a video where you go over your note taking and subl?
as a normal linux user, I thought it was impossible to put hashes in /etc/passwd
turns out you just really shouldn't do that (that is, if you intend to have a secure system - obviously it makes sense to do it here)
I like the way you ended the video :P
I laughed when you found the ssh private key in the site map directory. It was so easy, the machine was literally begging to be hacked. I enjoyed the wget priv esc, dope stuff. I'm wondering, what if you hosted a bash binary on a web server, downloaded it with wget, set the SUID flag on it and executed it. I guess that would too.
I feel like I will never learn hacking even it's my dream when I was a kid
Don't give up so easily man, try doing a lot of tryhackme rooms and you will see how quickly you can learn stuff.
@jelluh24 thanks man, I am now and I try to do some rooms and take notes and am learning with other friends now
@KIRANIUMR3D4 And? Are you still learning? How far did you come?
@Juliana-mo7ef I became better, it became clear to me that hacking is about learning every day and never quit
thanks bossman :)
Hi there. I recently came across this program and was wondering how to download saved reddit posts to my profile. Another way of saying this is: how do I download my saved reddit posts using wget?
Why don't you use Wappalyzer?
Thing, enter
♥️
What does he use to split terminals?
kinda neat to (nikto)
I thought passwords were in /etc/shadow but it can be in /etc/shadow too ?
hey John, thanks for this vid: it seems like there was some reason why you had to run your made up password through python's crypt.crypt function, could you tell me why that is?
I'm not 100% sure, but I imagine it's to deal with a common authentication practice. Developers hash plaintext passwords before account creation, so they don't store passwords in the open. When you login, the password you type will get hashed and then compared to the stored hash. With that in mind, he needed to hash his password before storing it in the file to account for that.
Nick Carter is correct. Linux stores passwords hashed, so it's not going to be able to handle an unhashed password in /etc/passwd.
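A defender's check for the condition these replies describe, as an added example that is not from the video or its author: it scans passwd-format text for entries whose second field holds a credential instead of the `x` placeholder that defers to /etc/shadow, and for extra UID 0 accounts. The account names and the hash string in the sample are constructed placeholders.

```python
"""Audit passwd-format text for entries that carry their own credential."""

# Constructed sample, not taken from any real host. The hash is a placeholder.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup2:$6$EXAMPLESALT$EXAMPLEHASHPLACEHOLDER:0:0::/root:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
alice:x:1000:1000:alice:/home/alice:/bin/bash
"""


def audit_passwd(text):
    """Return a list of (entry, finding) tuples for suspicious entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            # An empty field means no password is required for this login.
            findings.append((name, "empty password field"))
        elif pw != "x" and not pw.startswith(("!", "*")):
            # Anything else is treated as the password hash itself,
            # bypassing /etc/shadow ("!" and "*" prefixes mean locked).
            findings.append((name, "password hash stored in passwd"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 account other than root"))
    return findings


if __name__ == "__main__":
    for who, what in audit_passwd(SAMPLE_PASSWD):
        print(f"{who}: {what}")
```
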
Again a veryyyyyyyy noice video :-)
I can't find any access to sudo without password :(
guess my company's server is good enough
Seems kind of silly to have a password stored as its own text file. Nothing says 'I'M A PASSWORD' like a string of random characters on a pedestal within its own private folder. What if, it was a second layer password? Meaning, if you use this one directly, you'll be taken somewhere else, but the real password had all the "E"s taken out. I know how primes work yes. It would be tough to extract a prime from within a prime, but still, how much longer would the hacker waste trying to verify the password he just downloaded was legit or not, if it gave him access to something totally unrelated?
I can connect to the tryhackme VPN and it shows connected, and I'm running just one openvpn process, but I can't access any of the machines I deploy. Even after 15 minutes. I can't even ping the machines. This has happened in 2 of the featured rooms so far. Does anyone else have this problem? What could I be doing wrong
are you using the openvpn client on windows? if so it's much simpler if you use it on kali
@jeromekim5856 I'm on Linux
John this is bad.
I came here to see, How to stabilize shell.
Bro it turns out he uploaded the script to his github page. You can find it here ... github.com/JohnHammond/poor-mans-pentest/blob/master/stabilize_shell.sh
Ninja
Where can I find the gobuster tool? Please tell me
apt search gobuster
Jerome Kim thanks dude i appreciate it ❤️❤️
Can you please tell me how you can resize your tmux windows ?
I use Terminator, and I can resize them with Ctrl+Shift+and the directional arrow key I want them to move in. You can do this with Tmux with Ctrl+B (or your configured hotkey) and the same keystrokes, I believe. Thanks so much for watching!
@_JohnHammond okk thanks, no, thank you for making these awesome contents! Upload more, we are waiting 😁
hey can anyone tell me how he splits his terminal like that? terminator?
He assigns shortcut keys first in terminal preferences...
I would prefer to use tmux, but if you like to use terminator, use it; there are ways to do that: right click on the window and it will show split vertical or horizontal
You can also split in terminator by default with ctrl+shift+E and ctrl+shift+U if I recall correctly
@rattatteb Thanks, I'll check it out
there's a few programs out there that'll do that, i use: tmux
I'm new to all this and was wondering how you install kali linux
Try hack me web offers you (through paid subscription) a kali linux virtual machine so you don't have to install it.
you download the .iso from their website and burn it to a disk or a usb
In EU the load times are much faster :/
I should go switch to the new US OpenVPN server!
You look like burger planet
so around @11:00 I notice sudo cmd just goes through without any need for a password. It'd been a lot easier to just type in 'sudo su' and gain root then change passwords as please..
For people who are confused
This no password is just for specific commands
I lost it at plzsub, so i had to sub
Instead of making a 15 min video acting surprised on your scan results, just make recording of you actually solving the puzzle. Your train of thought, seeing what doesn't work and rabbit holes are a part of the CTF process. And since you don't break down what you are actually doing or how you learned such techniques this comes across gross.