Something I have come to appreciate about these walkthroughs, for someone like me using Parrot OS, i had difficulty with a few tools and installs, but ultimately i was able to figure them out. The fact that you dont walk us through EVERY single aspect, that there was a bit to figure out on my own, is helpful in the end. keep it up.
You explain very well... I thought I never see you on youtube, so I checked your channel and subs... You deserve lot more .. I am stuck in this machine and you are explaining so well.. Others just hack the machine without telling precisely about what they are doing
Hey man, the little cuts in between words to make the video just a little bit quicker and more streamlined don't go unnoticed. Also, explaining every switch for nmap and every other important thing with just enough detail to get the gist of it, but not so much that it slows down the pace of the video too much is also very nice to see. I won't be surprised when your channel starts growing exponentially. The professional theme to your channel is also refreshing to see, but something to consider is compromising the professional look for a bit of mild clickbait here and there. Not trying to tell you what to do, but if you look at Loi Liang Yang's channel, he strayed from the professional theme into some mild clickbait, and as a result his following grew massively. Thanks for the videos.
I will add that, from time to time, I don't think an uncommon opinion would be that Loi comes across as cheesy because of how hard he's trying to lean into the whole stereotypical youtube entertainer persona, so that's also something to think about.
I always love reading comments like these! Thank ya so much for the kind words, it what keeps me going on these videos! I've definitely wanted to move the channel in a direction that maintains the standard of utility to learn new security topics but at the same time be as relaxed and laid back as possible. The editing and quality improvements are one of the first steps in that direction in my opinion. The video I just recorded will hopefully even be a little bit more laid back and even more jam packed with info hopefully 🤞🏼
I commented on one of your older videos saying I couldn't hear you, I can definitely hear you now so thank you for that && thank you for this video as well!! Peace, Love, and Smoke DMT
This is such a clear and excellent walkthrough! Thanks for your hard work! One thing that is just on the back of my mind is how daunting it is just thinking of taking OSCP, when very very low level things like this already looks scary. 😮💨
Tbh it's not that bad it's just the basics of everything. Once you learn and understand how systems work and operate . ( For example in this hack the box case : go and learn some web+window's basics. And don't use the hack the box academy couse you will not understand a single word) All of this will be clear.
Honestly I got a lot of my entry level knowledge from YT videos just like this one! And then a lot of other knowledge has come from working in the field. Appreciate the love :)
Man i am just wondering how u can gain such deep knowledge ? what are the sources you get info from ? if you dont mind can you please make a video on that topic about you ? Thanks
Yeah i could definitely make a video on that! Ultimately the thing that matters most is staying consistent over time in learning new things and relearning the basics of a topic. Eventually that will get you to a point where you'll have a great baseline of knowledge!
And "badminton" is just a regular word. It's not meant to be (I suppose) dissected into b-ADMIN-ton, though it was probably a fun wordplay from author's side. "Badminton" is a name of a sport - essentially like volleyball, but with rackets resembling the tennis ones. It has millions of followers worldwide and is played at the Olympic Games, so that's really surprising you haven't heard of it (I guess)
Im having an issue with changing the http to off in servers to start, since there is an error with port 80. When i go into the responder file it says that it is off, but im still not able to listen the events when i run sudo responder -I tun0. Any thoughts?
Hi, I'm really enjoying the video, but I'm stuck at responder. I have reinstalled it many times and it keeps telling giving me a DeprecationWarning. What should I do? Thanks!
@@John-wc8ju Hey guys, if you talk about the deprecation issue when you run Responder with python3 or just with the shorthand "responder" which is the same, I had the same issue and after some research and reading I've found that python3 (python3.10) has a bug which causes this issue, what you can do is go to /usr/share/responder and run Responder.py wth python3.9 Responder.py -I xxxx i hope this helps you or any other person in the future with this same problem.
could somebody help me. I use linux in laptop. add /etc/hosts but when I execute ip from machine in HTB. it's getting slow. Any configuration should I tweak? Dizzy about this
hey quick question: why is the hash of the administrator even sent? isnt it just the client who recieves a challenge and sends back the hash? thanks if anybody can help me
ok nvm i got it (the webserver is client in this case) 1. the webserver is the one that sends the request 2. my VM sends the challenge 3. the webserver encrypts the challenge with its password and sends it back to my VM 4. responder + john
Yep you’re right! At that point I was talking from the perspective of not already having a bunch of info on the machine. Also be careful relying on wappalyzer- I stopped using it on web application pentests because it was just giving me blatantly wrong information (I.e. saying the db was MySQL and it wasn’t, saying it was a PHP app and it was a jsp app, etc.)
Make sure you have Sublime text editor installed! It doesn't come by default with Kali. You can use the "edit " if you want a GUI text editor like sublime and don't want to waste a bunch of time installing sublime
@@user-gv9my3jy4b ive had this. You probably installed a dev version of sublime and not an unregistered version. Uninstall the current sublime and make sure you install the stable version
Hahaha definitely check out some of my other stuff I was using a fresh install for this one so the terminal is pretty base but it’s different in all my newer stuff 😀
I am having so much trouble. I am stuck at the very beginning of Responder. When I type in my IP address and it reverts to unika.htb, I follow your exact steps to /etc/hosts where I put in the *tab* , but it just wont work. I have tried looking what might be missing and installing some packages. Do you know what I am missing? Does anyone know? *PS Complete noob to this kind of stuff
When I runnning john from my ubuntu machine with: john -w=/usr/share/wordlists/rockyou.txt hash.txt it shows "No password hashes loaded (see FAQ)" Any people has solutions?
if i try to use john the ripper that way, i get the error "no password hashes loaded" (i dont use the wordlist from kali because i use ubuntu but downloaded a rockyou.txt from the internet and used this instead(should be the same))
This made my tiny brain explode with so much enjoyment and understanding. 10/10. Definitely subbing.
Thank you for this, very streamlined and easy to follow. The way you explain every flag and how everything works is so helpful for a beginner like me.
I'm glad it was helpful! 😄
Something I have come to appreciate about these walkthroughs, for someone like me using Parrot OS, i had difficulty with a few tools and installs, but ultimately i was able to figure them out. The fact that you dont walk us through EVERY single aspect, that there was a bit to figure out on my own, is helpful in the end. keep it up.
You explain very well... I thought I never see you on youtube, so I checked your channel and subs... You deserve lot more .. I am stuck in this machine and you are explaining so well.. Others just hack the machine without telling precisely about what they are doing
Thank you a ton!! I'm trying to grow so I always love to read comments of people who appreciate the work that goes into my videos! :)
Hey man, the little cuts in between words to make the video just a little bit quicker and more streamlined don't go unnoticed. Also, explaining every switch for nmap and every other important thing with just enough detail to get the gist of it, but not so much that it slows down the pace of the video too much is also very nice to see. I won't be surprised when your channel starts growing exponentially.
The professional theme to your channel is also refreshing to see, but something to consider is compromising the professional look for a bit of mild clickbait here and there. Not trying to tell you what to do, but if you look at Loi Liang Yang's channel, he strayed from the professional theme into some mild clickbait, and as a result his following grew massively.
Thanks for the videos.
I will add that, from time to time, I don't think an uncommon opinion would be that Loi comes across as cheesy because of how hard he's trying to lean into the whole stereotypical youtube entertainer persona, so that's also something to think about.
I always love reading comments like these! Thank ya so much for the kind words, it what keeps me going on these videos! I've definitely wanted to move the channel in a direction that maintains the standard of utility to learn new security topics but at the same time be as relaxed and laid back as possible. The editing and quality improvements are one of the first steps in that direction in my opinion. The video I just recorded will hopefully even be a little bit more laid back and even more jam packed with info hopefully 🤞🏼
Great teacher ! thanks so much for your easy to follow explanations and overall great content ! cant wait to see more videos.
Glad to hear your audio is getting better than previous one
I commented on one of your older videos saying I couldn't hear you, I can definitely hear you now so thank you for that && thank you for this video as well!!
Peace, Love, and Smoke DMT
This was great and you were sincerely easy to follow. I love the video, thanks man!
Thank ya! I appreciate the kind words! :)
I'm waiting for a long time
This is such a clear and excellent walkthrough! Thanks for your hard work!
One thing that is just on the back of my mind is how daunting it is just thinking of taking OSCP, when very very low level things like this already looks scary. 😮💨
Tbh it's not that bad it's just the basics of everything. Once you learn and understand how systems work and operate . ( For example in this hack the box case : go and learn some web+window's basics. And don't use the hack the box academy couse you will not understand a single word)
All of this will be clear.
Gotta love this man! Please keep making videos with that smiling face (also offline haha) Thanks Man!
u are good at keeping things simple nice job
from what sources did you gain so much knowledge from? and what do you recommend?
informative video as always, keep up the good work!
Honestly I got a lot of my entry level knowledge from YT videos just like this one! And then a lot of other knowledge has come from working in the field. Appreciate the love :)
Very helpful video man gj!
Thnaks so much for these videos .. you are the GOAT
Thanks!! I'm glad the video helped :)
Very good brow!!! Great explanation.
Man i am just wondering how u can gain such deep knowledge ? what are the sources you get info from ? if you dont mind can you please make a video on that topic about you ? Thanks
Yeah i could definitely make a video on that! Ultimately the thing that matters most is staying consistent over time in learning new things and relearning the basics of a topic. Eventually that will get you to a point where you'll have a great baseline of knowledge!
@@FindingUrPasswd Thank you so much man...!!
Very good, keep them coming!
Thank you!
tHANKSSSS finally
TYSM
bro you helped me a lot. thank you
23:10 - reading the IP from the OS toolbox in the top-right corner is perhaps easier :P Anyway, awesome tut, thanks
And "badminton" is just a regular word. It's not meant to be (I suppose) dissected into b-ADMIN-ton, though it was probably a fun wordplay from author's side. "Badminton" is a name of a sport - essentially like volleyball, but with rackets resembling the tennis ones. It has millions of followers worldwide and is played at the Olympic Games, so that's really surprising you haven't heard of it (I guess)
lmao yeah never heard of it that's pretty crazy 😂 that wasn't ever really my scene but I guess you learn something new everyday!
Love your content - thank you.
Im having an issue with changing the http to off in servers to start, since there is an error with port 80. When i go into the responder file it says that it is off, but im still not able to listen the events when i run sudo responder -I tun0. Any thoughts?
thanks
Thanks u where so informative
subbed for life
make more
Hi, I'm really enjoying the video, but I'm stuck at responder. I have reinstalled it many times and it keeps telling giving me a DeprecationWarning. What should I do? Thanks!
Hey, i keep getting the same error.. Did you fix it?
@@John-wc8ju Hey guys, if you talk about the deprecation issue when you run Responder with python3 or just with the shorthand "responder" which is the same, I had the same issue and after some research and reading I've found that python3 (python3.10) has a bug which causes this issue, what you can do is go to /usr/share/responder and run Responder.py wth python3.9 Responder.py -I xxxx
i hope this helps you or any other person in the future with this same problem.
30:32 evil winrm does not connects with panal and throws an error "type openSSL :: digest::digesterror happened " what it mean can anyone slove this??
gracias pa
could somebody help me.
I use linux in laptop.
add /etc/hosts
but when I execute ip from machine in HTB.
it's getting slow.
Any configuration should I tweak?
Dizzy about this
in my case in the Responder Events no hash code appears. could it be related to the DeprecationWarning message that appears there?
I had the same problem and fixed it by running with python 3.9, but I don't get the hash specifically in this test
@@aprilmendez6343 how did you run it with python3.9 I have the same issue
hey quick question: why is the hash of the administrator even sent? isnt it just the client who recieves a challenge and sends back the hash?
thanks if anybody can help me
ok nvm i got it (the webserver is client in this case)
1. the webserver is the one that sends the request
2. my VM sends the challenge
3. the webserver encrypts the challenge with its password and sends it back to my VM
4. responder + john
11:15 "We don't know whether it is a Windows or Linux" , I have the Wappalyzer and it shows that info, in this instance it's Windows.
Yep you’re right! At that point I was talking from the perspective of not already having a bunch of info on the machine. Also be careful relying on wappalyzer- I stopped using it on web application pentests because it was just giving me blatantly wrong information (I.e. saying the db was MySQL and it wasn’t, saying it was a PHP app and it was a jsp app, etc.)
Man idk what it going on with my machine but subl is not working at all and still can get past this one
Make sure you have Sublime text editor installed! It doesn't come by default with Kali. You can use the "edit " if you want a GUI text editor like sublime and don't want to waste a bunch of time installing sublime
?@@FindingUrPasswd in regards to sublime text, I'm having trouble finding a license key that works, is there a free version,? any way around this?
@@FindingUrPasswd i think i got it figured, i use parrot, it looks like pluma will serve the same purpose. just found the same file.
nope actually, no i cant. read only. i guess thats where sublime comes in. back to searching for a key
@@user-gv9my3jy4b ive had this. You probably installed a dev version of sublime and not an unregistered version. Uninstall the current sublime and make sure you install the stable version
Your content is very good
But plz change your terminal to solid (not transparent)
Hahaha definitely check out some of my other stuff I was using a fresh install for this one so the terminal is pretty base but it’s different in all my newer stuff 😀
For some reason i cant use sudo subl /etc/hosts command. It says sudo: subl: command not found
Yeah so sublime isn’t installed by default- try nano, mousepad or gedit instead of subl
I AM SO JACKED..... SOOOO JACKED.......
❤❤❤❤❤❤
Waiting for Pandora box. I've solved this task but now it's not working anymore.
Definitely will look into that one! I'm working on releasing a video on the Unified box for Log4j first!
Literally no matter what I do, responder will not record an event from that website for me.
me either, are you on linux?
nah man I was in trouble with this machine.I tried 4 times
Same for me 😂👍🏼
i cant get the web paige up
the website just isnt loading for me even after i change everything
Not sure if you got it to work by now. But I had a similar issue, realized I didn’t save it with Ctrl S and then refreshed the page and it worked.
did not help me much sicne i use pwnbox and not kali
This box is so out of place.
no way this is easy machine :@
evil-winrm isnt working on my kali
I am having so much trouble. I am stuck at the very beginning of Responder. When I type in my IP address and it reverts to unika.htb, I follow your exact steps to /etc/hosts where I put in the
*tab* , but it just wont work. I have tried looking what might be missing and installing some packages. Do you know what I am missing? Does anyone know?
*PS Complete noob to this kind of stuff
When I runnning john from my ubuntu machine with: john -w=/usr/share/wordlists/rockyou.txt hash.txt
it shows "No password hashes loaded (see FAQ)" Any people has solutions?
try adding --format=netntlmv2 to john
if i try to use john the ripper that way, i get the error "no password hashes loaded" (i dont use the wordlist from kali because i use ubuntu but downloaded a rockyou.txt from the internet and used this instead(should be the same))
nevermind. i found the solution. I used version1.8(not jumbo) of JtR because I installed it with apt. Fix: Install with snap
@@zonko1176 I was going crazy on that! Thank you so much for that solution! It worked like a charm!
@@P3droo96 Im so happy I could help somebody ^^