TryHackMe! Wonderland - Python Module Manipulation & Capabilities
Вставка
- Опубліковано 17 вер 2024
- Hang with our community on Discord! johnhammond.or...
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnh...
GitHub: github.com/Joh...
Site: www.johnhammond...
Twitter: / _johnhammond
Between these videos and THM, I've learned so much over the past 8 months.
how is it going?
This was really good. When I did this room earlier this week I thought it would be a good one for you to make a video for. Great minds and what not!!
Dang I'm so far from getting that level. Hard work mien!
Hey John. Do you have plans to make a Video on hosting your own CTF, Joepardy and A&D? I would really like that
Great work John, as usual! Thanks for these videos, not only quite educative but also super entertaining. Any suggestion about good resources about Python for cyber security, it's obvious you love it :)
i have a course of python for pentesters if you want
Thank You Mr. Sheeran for taking time away from your music to be "John Hammond"😉
Outro is dope like closing with the hand and music
Realy helpful and u r doing a great job
awesome
Great!
Hey John!! I love your videos and would you advise me to choose between learning binary hacking or web exploitation
Which are you more interested in? :)
@@_JohnHammond both xD
lol you answered your own question @@bruh_5555
I might make my scripts exit by printing "Segmentation fault (core dumped)" just for the LOLs
I am a little bit confused on a part and would appreciate some help and answers: the teaParty binary in the rabbit home directory has the sticky bits set and is also owned by root. my question is, why do we get shell as hatter and not root if the binary has SUID set? what commands can we use to check what is going on?
Inside the teaParty binary the id used is 1003 corresponding to hatter instead of id 0 for root when calling setuid and setgid. I used IDA freeware to view the function calls and see the parameters used.
@@jonathanlein7699 thank you, it makes sense now! it's very weird (at least to me) to have SUID set on the binary and then also have setuid/setgid inside as well. thanks for the help
Thanks a lot for an amazing explanation !
Keep up the great content!
Peculiar
Hey john. Do you have plans on making a video explaining how you setted up the poor mans pentester?
You are love man 100% quality content in free ❤
Thx John!
11:07 which font? Thank you and have a great day. The font looks pleasant to read.
09:50 the juicy stuff
I have a few questions....
1.Whats the difference between bash and bash -p?
2.When u ran teaparty,shouldn't u have become root and not hatter as the owner of the file is root?
The -p option changes the output format to that specified by POSIX. When the shell is in posix mode, it does not recognize time as a reserved word if the next token begins with a `-'.
john i always press like button
Hello sir !
Will you please provide us the scripts that you used to find vuln in Linux box ...
It will be great if you make a video on it !!!
thanks ! please do more tryhackme in your channel.Love From IRAN
What Linux OS do you use? Any you recommendations for a beginner Linux user?
sir is there any specific reason why you use ubuntu instead of Kali or parrot which have already installed tools you needed?
He finds kali overwhelming with so many tools and also Ubuntu has wider support base and softwares to do stuff like streaming and recording
I assume this is the OS he daily drives. You're not supposed to run Kali as your main OS. Parrot is more suitable for that, but I assume he just likes Ubuntu and is used to it, and it's not like he has a problem installing things himself.
Also, Parrot is the only OS I tried that just keeps hanging at random times on my laptop. Don't know if it's a common problem.
If you ask me, Ubuntu is just the best distro out of the box (Though ram consumption with gnome is a bit too high compared to other desktop environments).
Great video, too many adverts though :-(
Hi John can you (or anyone else here) help me understand what does the -p flag do in /bin/bash -p command? 11:07
Try using man
can somebody explain 13:37?
why can he abuse date?
The script calls for a date module and he just creates his own with the same name so that instead of calling the real date it calls his malicious script
@@jacobsan but this isnt a python modul, it is a bash command / bash programm...
i mean i get the point, but if i create a bash script with the name "test" in my home dir and in the same dir i type in "test" then nothing would happen (i need to type in ./test odr bash test)...
We want cyberstack challenges with python scripting please
Hey If you dont mind can you make a tutorial on hershell ?
How long did it take you to figure out the url was supposed to spell out rabbit? and why cant you grab the root.txt on you machine and switch the permissions on your end?
Because the file is owned by root and linhz prevents you from accessing the file itself and you can only change the permissions of the file if you're the owner of the file or if you're root but in this case the file is owned by root so you have no luck in reading it because if you try to grab it, the program will have to read the file too so no luck
This room got me dizzy in the beginning
Numerical details explain master
What are your certs on the wall behind you??
Those are actually my girlfriend's degree and commission ahaha. Her desk is behind mine (all those Disney figures back there are hers too :)
Okay
John sar windows 10 use ethical hac***king course. 🕵️♂️🕵️♂️🕵️♂️🕵️♂️🕵️♂️
Me gustaría aprender python
Hay que aprender bro. Best wishes.
I was denied access when i try to enter root using the gtfo bin. Can anybody tell me where did i do wrong?
We want cyberstack challenges with python scripting please
We want cyberstack challenges with python scripting please
We want cyberstack challenges with python scripting please
We want cyberstack challenges with python scripting please
We want cyberstack challenges with python scripting please
We want cyberstack challenges with python scripting please