TryHackMe! Basic Penetration Testing
Вставка
- Опубліковано 8 чер 2024
- Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 UA-cam ALGORITHM ➡ Like, Comment, & Subscribe!
he never said "Im in" when hacking.... Very dissapointed
epic letdown
Looks like a amature hacker, no i'm in is a big no
Saying I’m in is the difference between a good and great hack. He will seriously need to work on this if he wants to improve.
Nice
To be real hacking is more like sex. Sometimes the other party just won't participate and there is nothing to gain, however once they do participate you will likely go in and out each time deeper and deeper multiple times until something brakes and you're done. Yes some times you can try brute forcing things, but it only works if the other party is weak. If you can't brute force things and well things don't go anywhere, you should try various other approaches and see if taking your time will make a difference.
i didn't understand a single shit of what was happening but i loved every single bit of it
You and me both lol
Haha same, hopefully one day most of this stuff doesn't fly over my head!
Start learning linux. That alone will make a lot of this stuff very clear.
"a single shit" I lold
i dont even know how to program and i find this very interesting even tho i dont understand whats going on :D
This is not hacking. All the texts are not in bright green color and doesn't have that "pip" sound on every letter pressed
Agreed, no Mr.Robot here
@@natking1u1z99 mr robot is accurate tho
@@natking1u1z99 Sorry Mr Robot is too accurate for this
@@natking1u1z99 wdym, mr.robot is actually pretty accurate when it comes to hacking (so no green colors or pip sounds)
@@natking1u1z99 ?????? did you even watch mr robot?
A real hacker would be wearing sunglasses in a dark room and listening to techno.
And big black hood
@@dermottobin9 I think you mean Doritos.
@@hematogen50g damn you beat me to this comment lol
aw man they missed out on the chance to call it 'trypenetrateme!'
I was gonna like your comment but it's sitting at 69 likes... nice
update... someone already fucked it up :/
lets get it to 420 then
It's so akward when you have to explain what pentester means..
@@xiampiii It's at 420 likes now.
I am now in anonymous
hello Mr. Blizy i am big fan pls send me csgo knife please yes?
yes
Lol
elo blizy give naif yez
@@nahomgetiye2468 No you can't.
Yes we can.
Nope!
You: And boom! we just completed the basic room!
Me: WTF was basic about that!?
Kkkkkkk mesma coisa irmão
Hermínio Cossa tf
Apenas Hackermans entendem Hackermans
@@herminiocossa3475 ne
It stops being basic when you have to develop your own tools and exploits lol
I have recently discovered your channel and there is no way for me to leave any watched video without thumbs up. I really like your style and way how you share knowledge. Awesome work! There's so much to learn!
Man you really made me watch 30 min and I didn`t even get bored xD. Great video.
same!
before reading this comment i didnt even think this video was 30 mins long well those 30 mins were well spent...
Great to see a higher level pentest explanation type video which doesn't bore you to death with every tiny detail but still goes over each of your steps.
If we see a tool or vector that's new to us we can follow up at a lower level later.
For a 30 min video you kept up a speed and momentum that was so easy to follow and engaging it seemed like its was much shorter. To me the sign of good video making is when you realise what you thought was short 5 or 10 min of viewing was actually half an hour or more.
Definitely leaving a deserved Thumbs Up on this Video and I'm now off to check out you other content. If this video is a typical I will be subscribing for sure.
Thanks so much! Appreciate all the kind words, I am happy to hear the video is well-received. Thanks for watching!!
I totally agree with this random stranger on the internet. I hope there's more videos on this try hack me stuff on your channel! Nice video and hope to be seeing more of those!
Hello
Ok boomer 🤣
Yeah yeah it was lit 👍
Just started pen-testing in school whilst learning network security. Learned more during this than I did during 1 month of lectures+labs. Thank you!
me - print("hello world")
*I AM HACKER*
#Include
Int main();
{
std::cout
@@brotherindeed992 Weird flex but ok
@@brotherindeed992 const f = "H";
let u = "E";
let c = "L";
let k = "LO";
let y = "W";
let o = "O";
console.log(f + u +c + k);
let u = "RLD";
console.log(y + o + u);
This took me so long to type
@@brotherindeed992 Wait, how do you use std::cout with lol
Either std::cout from or printf() from
@@h-0058 I learnt c++ on my own but my college demands I write all programs in c, hence the mindfuck.
Him: "obviously this is some kind of beginner room here"
Me: Doesn't understand at all what he is doing and just sees random letters and numbers.
Its like a gamer trying to play dwarf fortress for the first time. Its completely gibberish to an untrained eye and it probably takes months or years to begin to understand. All in good practice though I assume.
Honestly the most important thing too understanding this video is becoming familiar with Linux. I'm not at all interested in pen-testing as a career, my only involvement is watching these videos. However, I'm able to keep up with the videos just with my existing knowledge of Linux. All the special tools he uses to brute force accounts are pretty self explanatory with a quick Google search.
Ed Sheeran when he isn't making music.
Ginger : *exists*
People : eD sHeErAn
@@CobraunieSC true 😂
liked after 1 playthrough with intent to re watch because I enjoyed the first round so much I want to savor the sweet flavor of knowledge that is so refreshing to see and hear, videos are the new TEACHING method that work. Thank you so very much for making this!
This is excellent!! Liked, of course. So I’ll be watching again and again-not until I like it but until I completely understand it! Really good content, pace, insight and quality. Thank you so much.
John you made by life so easier by posting these videos and explaining everything in details!Thanks a lot it really helps newbies to learn ctfs!
Totally agree!
I took a class in Cyber Security during my Bachelor's some years ago. This was a cool way of seeing some of those concepts actually applied. I found your way of solving the problem very informational, and it was definitely very entertaining
I've been thinking of pursuing cyber security in uni, what's it like?
Starting my degree in Cyber Security this year, can't wait.
How did that turn out? 😁
John Hammond is crazy!!
Starting to fall in love with you, for those detailed walkthrough videos.
Keep going John..
no "I'm attacking the firewall" and visualization of tetris being played to break said wall....disappointed
Wow seeing this walkthrough has really opened my eyes to what must be done to gain access. I'm definitely getting into cybersecurity now. Great video!
Excellent, I am very happy to hear that! Thanks so much for watching!
The phrase I expect to hear after "really opened my eyes to what must be done to gain access" is you DON'T want to do cybersecurity (or your own hacking). I have a hard time imagining what you mean. Is it: "cybersecurity sounds like a really easy job, because I can sit back and know there are so many defences already in place"? I can't imagine any other way you get from your first thought to the second. Are you just lazy, or really excited about learning how to invade the privacy of others? Nothing else makes sense here.
@@squirlmy He probably just thinks that this was cool ^^
@@squirlmy you're great at parties I bet
@@cdev-kz3lj yeah, I don't get invited to parties anymore since all the fatalities at the last one. But you can hardly blame me, the axe was right there, just begging to be used!
I knew cybersec/pentesting was a challenge and a puzzle, but I never knew it was like this! Thank you for confirming that it's something I'd like to do with my life!
Its crazy to think this was the exact video that got me into cybersecurity a little over 1 year ago and this week i just landed a job in the industry. Much love to the UA-cam algorithm!
Do you have relative backgrounds of computer science before that? bc it sounds incredible to pick up cybersecurity within a year
@@halzoun6195 yeah I was in University studying information systems. So i already had a background in web development and some other programming. Also I wouldn't say i picked it up in a year because i am still trying to learn every day.
Well. The fact you decided to take the time to go over this and show how these basic concepts are done just got you a like and sub! GG!
I can't believe I haven't heard of tryhackme before but I'm so excited to go try it out! Great video, can't wit to learn some new stuff!
I hope you enjoy it, I think it is a blast! Thanks for watching!
And also hack the box ,just try that
Are u a experienced hacker ?
@@pianodotexe3852 google
Oh man. John coming at us AGAIN with the great info!
This is exactly what I was looking for. I've done a few HTB challenges. But I usually need help during them, because there are basic fundamentals I don't understand. And there are tools I didn't know exist. I can fumble my way through some boxes, but I'm usually pulling out my hair.
This is a wonderful service. And will hopefully solve exactly that issue for me. Thank you!
I was looking forward to starting HTB, what fundamentals would you say you were missing so that I may check if I'm on the same boat as you.
@@UnknownSend3r HTB is still great, and I highly advise it. It's super fun. I'm still quite unfamiliar with the Linux system as a whole. The syntax of many of the tools. And which tools to use, why, and when.
Sometimes I simply don't know where to look. But. The more practice I do, the more I learn.
Hack The Box is great, but it just kinda throws you in and you just like - do it. I like that.
Try Hack Me has stepping stones.
Give them both a shot.
DuckDuckGo and UA-cam have been extremely helpful though! xD
@@user-yd7ug3jb4t thanks, really appreciate the advice. Il definitely give HTB a go along with THM. Before I start any of them I plan to complete overthewire (along with my RHCSA studies) to get me familiar with the Linux command line. I also think since you're unfamiliar with the Linux system OTW would be a great place to start. It's geared towards those with little Linux experience who are interested in cybersec/hacking, and provides you with what commands you might need to complete each task. Goodluck on your journey.
@@UnknownSend3r I'll check it out! Good luck on your endeavours!
I appreciate your work. I am currently taking an Ethical Hacking course and find it very helpful watching you quickly go through the steps.
Dude thank you!!! This shows a lot, and how the process works, and the loved the logging your steps! I’m just starting out and this give me a great idea of what needs to be done!!!
Thanks for showing this site off, I'm about a month out from OSCP exam and I am going to run through the OSCP prep path.
Heck yeah! That's a solid plan! Hopefully I can get some videos out for the OSCP path soon. Thanks for watching!
Nate Golick good luck on OSCP exam Nate!
@@aqeebhussain9032 Thank you 🙏
All the best!
How did it gooo? :D
im very new to pen testing but I am learning. Even though I can barely follow what your doing, seeing how you actually go about the process is incredibly enlightening.
Super helpful, thank you for making this! Loved hearing how you think through this.
Thank you John for having such great videos!
Just found this video after looking into THM. I've always had easier learning from watching something get done than to just read about it theoretically. I know it's a bit over a year old but this still gave me some valuable knowledge and a few ideas on how to do things on my own later on. Thank you. Subbed ofc. 10/10 channel!
Currently a cybersecurity student and just recently finished a class on pentesting and will be participating in pentesting tournaments soon with my school. Amazing job and what a great resource that you have shared hopefully we will be using this site to practice! Thank you!
That is excellent, awesome to hear that!! Thanks so much for the kind words, I do hope you use TryHackMe to learn more and more!
my machine had port 8009 open so i spent most of the hour researching apache tomcat "ghostcat" vulnerability and was completely lost. humbled once again..
Please make more of these videos of you explaining the steps. This video motivated me to get off my couch and turn on my laptop at 1am. Thank you!!!
John, thanks for making this video. Was really great to VPN in and use my own kali box as the attack box. Learned a lot of cool stuff.
Thank you brother your funny as heck. Man, I appreciate your openness throughout this walk-through. Also your willingness to help others who may not be as far along as you are in this Field. What are your Goals after this, and have you reached them, or are you still going to make Quality Content for us Viewers to enjoy? I want to say thank you for your time and the Passion that you have for this.
Hey man I saw your red teaming exercise video a few months ago and it was crazy inspiring so I lost it when I found your channel today! I'm a cyber security student here in Canada and sometimes it feels like we have so much to learn but you do a great job explaining it! Subscribed
Will definitely check this out. Thanks for showing it
The best channel that UA-cam has recommended to me in a long time
I've been using computers my whole life and my entire career is in software but I have never really dabbled in pen testing or "hacking" even though I am familiar with the concepts. I am so glad I came across your video because it really inspired me to learn more about it and it seems like TryHackMe! is the exact type of platform that I do best on when trying to learn new concepts. You gave a very brief explanation each time you used a new utility in your toolkit but to save us time scrubbing your video and searching for everything, would mind updating the description and listing out and/or linking to what was used? Thanks for posting this video - I love your style.
I've just discovered your channel. I'm super super new at learning coding, hacking and all this, but your videos are really enjoyables! and you help a lot to familiarize with all the technical words and stuff (yeah, I'm not that technical for now XD). Thanks for explaining what you do and what you see, I've already subscribed.
wow, I loved how you did all of this in a 30 min video while it took me over a day to get it. But I didn't know about many of these tools you mentioned here. Thanks for the video and keep up the good work.
He probably already completed it on its own. I also didn't knew about some of the tools. But for example Nmap and dir/gobuster are very frequently used for recon
Just realized how much I've got to learn.
Seems like a more organized version of Hack The Box. Definitely giving this a spin.
I tend to agree -- I'm sure you will love it if you try it out, there is a lot of great activities in there!
Yeah, I visited the site today and it does feel more organized and also If we subscribe we can get paths which is amazing for newbies like myself.
More focused on learning
Thank you John for helping me learn.
this is amazing. I am so glad I found your channel. This is going to expedite my learning process so much, thank you so much for your videos. Definitely subd. great stuff.
Thanks a lot for giving the overview. Really helpful for n00bs like me.
Happy to hear that! Thanks so much for watching!
And now something more added to my 2022 "must play with"
I definitely recommend it! TryHackMe is great!
Don’t stop these videos they are amazing!!!
The only video about any code related that didn't bore me for 30 mins. Great video! Keep it up!!
I'm in IT administration for 20 years but never went in-dept in that stuff. Now you left me speechless.
if youre an admin for 20 years chances are really high that you never even properly learned about cyber security at all
Little sad that my university's IT program didn't have a pen testing course or introduction aside from mentioning it as a side topic. I took some Linux security courses focused on policies and configuration but I never really got exposed to tools such as these. However, I did take some digital forensics courses, so this was very similar to that with respect to data investigation. Also decent hint for threat modelers and network admins to pay attention to their policies considering how easily these tools can slip through.
First time on your channel and I absolutely love it. Thank you for sharing your knowledge! ❤️
i just got a basic knowledge on priv esc but this video just got me know much more that i learned in my whole life before
I watched this the first time and got motivated (Had no idea what was going on though).
So I went over to overthewire bandit and after reading TONS of articles I was able to finish all the levels(I had zero experience in this field, also had to see 4 solutions).
Now I'm in picoCTF checking out different fields(Whilst reading TONS of articles).
I came back here and surprisingly I understood most of the things that you did (Not that I know the tools you used or anything but I can relate to the concept itself).
The only thing that I have to read about to understand more is the ssh2john part.
Anyways Just letting you know that your videos are an inspiration.
I have been training since 1st October and I will be joining a capture-the-flag competition which is for middle east.
I'll keep you updated with the results (I am not expecting to get a good rank but want to see how well I can do).
ssh2john is just a command for John the Ripper for bruteforcing ssh2 passwords
Amazing. Thank you. Awesome. Do you know if "linPEAS is allowed in the OSCP exam?
As far as I know, no -- it is not in their Exam Restrictions. support.offensive-security.com/oscp-exam-guide/
I had used LinEnum without an issue. Thanks for watching!
Great demo of the tools and well deserved sub! Thanks.
Hi John. Amazing videos. Hardly had any clue what was going on but found it fascinating nonetheless. Just out of curiosity, do you know or would recommend any resources to learn absolute basics from?
I have no clue what just happened, but it was very entertaining!
Great stuff and good explained... 2 Months ago did not understand anything until went through all the Tools which were used in this tutorial.
Nicely done Mr Hammond.
This was fun to do. I have been in IT for a long time and I feel like this kind of stuff is what is going to get me really passionately back into it. I also decided I was going to use Ubuntu instead of Kali because I do like to control the packages that are on my machine, plus it is an opportunity to continue to do stuff in Linux that I do not always get to do (compile code from source etc). Really looking forward to continuing on THM and other avenues. Would really like to get into bug bounties as time permits on my spare time.
how has it gone for you?
Great vid! Should do a series of these lessons, showing the tools and the capabilities and tryhackme is a perfect site to test them with.
Absolutely plan to-- just gotta make the time for it! Thanks so much for watching!
John Hammond yes please do more video like these. Really like your approach and note taking. Hoping to learn more best practices
never knew that i actually understood and know much of if! Going to try, thanks John
Love the walk thru, as I am just getting to use their service. This was helpful to see.
It would be great if you made a catalog of all the tools you have ready in opt. Although I know most of them I never actually install them in my Linux machine and would be great to have a place where everything is kept for a rainy day :)
was expecting "i'm in" but i still love ya xd
As someone who has been learning how to code and use Linux, this video confirmed my knowledge on a lot of things and affirmed that I do indeed love doing stuff like this.
Thanks John Hammond. Great video
🙂make more awesome videos especially on the basics ... It's was even challenging for such a beginner like me to understand most of the magic you did 👍
would love a series going through some of these machines.
I'll see what I can do! Thanks for watching!
@@_JohnHammond how to made bugs cyber
Great video. I like your style. Thanks. Can't wait to see your next one.
added to my to-do list about a year ago then forgot about it and today I finally completed the room. Thanks to you.💯
"there is no shame"
that goes right through my heart xd
I love how free from shame TryHackMe is. I tried to get into pentesting very early on, I think this was the early 00's, with a similar service.
But back then, there was so much snobbery. The site was meant to be used to learn, but you got no hints, no instructions. You just loaded up the first page and was supposed to know what to do already.
This was when search engines were still in their very early versions, so trying to look up writeups wasn't an option either. Going on forums would give you one of two responses: Why are you hacking? and You don't even know the basics?
So yeah, it was hard getting into pentesting 15-20 years ago, unless you shelled out a few thousand on courses. You couldn't really go for the books, since nobody would tell you what you needed to research.
But today, with services like TryHackMe, it's much more open. Free, or close to free education for the masses. And Internet has become a much more secure place thanks to it.
Used this video as reference the two times I got stuck - helped me not rabbit hole inefficiently - thank you!
Dude, awesome video. Looking to learn more about security and you just showed me a ton of resources to get going. Thanks.
Hey John, I've recently been made redundant and I was in two minds of a career change at age of 41. I started looking into cybersecurity your channel popped up in the search results. I watched this video to the very end, I sat back in my chair, I took a sip of my tea thinking, that was f@£king cool!! I want to do that for a career. I'm now on the long path to become an expert in cybersecurity just because of your video, thank you.
Rock on! I had the same experience when corona hit. Got hired four months ago. Employees market for sure.
Just noticed you posted 11m ago. How is it going?
@@IkkeBareAnders Hi Anders, tbh at the beginning information overload to pick theough. The path I decided to go down is Hack the box learning path. Ive come to grips with the tool about 2 months ago I'm doing bug bounties hacker1 im still along way off my goal one hack at a time.
man, this was fascinating!!!!!!!!!!!!!
This is really fun to watch. I like the hands on approach!
just got this video, really just got a chance to watch. Fantastic i really hope you do more of these.
This dude must be a legit hacker...stole Seth Rogen's identity AND his voice.
hey I have never attempted Penetration testing but I would love to start because it fascinates me I just cant understand anything, I was wondering how you got started and if you have any help for me.
And? Did you start learning?
@@Juliana-mo7ef Probably not, get real lol
@@ilias5185 wdym with get real
Man that was awesome, more videos like this, it went by so fast, it was fun and entertaining
Awesome. What I like is how simple he makes it. Its a tour, explanation amd example all rolled together.
@@andrefreewill4730 awesome. I yried metasploit on my own android but I couldnt get access. Or at least results. I tried the camera and a few others. But thats why we are always learning, right? It's fun
Hi John, thanks for the great tutorials!
I have an issue. After running john2ssh and saving it into hash.txt, I run john with the hash.txt. It gives me 'No password hashes loaded (see FAQ)'. Furthermore, I tried providing it with the rockyou.txt wordlist but it keeps giving me the same error.
I’m 15:00 in and I’ve come to realize that being able to build a PC, overclock it’s hardware, instal an OS and other hardware monitoring programs is not very impressive in the world of PCs. I understood a very minimal amount of what you were doing. Looking at the source code of a website, and using the program similar to a command prompt. What you were telling the program to search for - no idea. The significance of those 4 numbers you noted down is - no idea. I imagine it would take years of practise to actual be able to hack something. My 34 year old brain isn’t a sharp as it used to be and is only going to get worse. The ship may have sailed for me regarding the ability to hack. I have enjoyed what I’ve watched so far! Well done!
@@ekonomija8718 Very good but most machines have private ip addresses within a single network space, that has its own public ip address. This is because with IPv4, around 4 billion addresses are possible, and yet we have billions of IoT devices, so we use the public one as the "gateway" into the network, usually a router, and each individual device has its own private ip address within the network
Not true if you can read you can learn it.
Thanks for everything John Hammond. You inspired me a lot as a cybersecurity student. I hope one day i will be like you. You are the GOAT.
A great fan from FRANCE ❤
Awesome. This is my first time seeing something like this. Great Job!
You’re like a more intelligent, ginger Seth Rogan. Love the video man. I’ll have to *start using tryhackme too!
Ha, thanks for the kind words! I definitely recommend it!
I was thinking the EXACT same thing lol.
this is the level of badass I want to achieve
Cheers Mate. That was awesome. To be honest this was my first PEN test video I have ever watched and thought that it was magic.
Thank you John. Sharing very appreciated!
How did you learn all this and understand it so easily? I've been interested and im a computer science major, but I feel like theres so much to learn but dont know where to start.
i have been learning from a facebook ad i saw and its really helped me heres the website. There are loads of small courses you get that build up your knowledge and even some courses that get you ready for CEH, CCSP AND CISSP
Hacking seems to be very different to what you would learn in Comp Sci but some skills you may have from that could be useful
There's a 15 hour tutorial on basic pentesting information and strategies on yt, go check it out
"Basic"
that is basic, thhe users had weak passwords like 'armando' no capitals no numbers no special chars and a short password. It's just asking to get broke into :D
@@denislavkaragiozov5876 Why would capital letters or special chars make it difficult i don't get it?
@@muath1125 If you use in a 7 char length passwort only lowercase letters, the password can easy brutforced. (26)^7 = 8,031,810,176 password combinations.
Lower and uppercase letters (26+26)^7 = (52)^7 = 1,028,071,702,528 password combinations. Lower & upper & numbers (52+10)^7 = (62)^7 = 3,521,614,606,208 combinations. Lower & upper & numbers & special chars (62+26)^7 = (88)^7 = 40,867,559,636,992 combinations. With those kind of combinations, its extremly hard to brutforce.
I recommend a password length of minimum 18 chars with lower & upper & numbers & special chars: 88^18 = 100,158,566,165,017,531,560,835,501,527,138,304 possible password combinations.
do you think hacking is just clicking buttons and done?
Great walkthrough John
This is freaking awesome, keep up with this content!
U sound like Seth rogan 😂😂
he looks like Seth rogan
@@azulamazigh2789 he is seth rogan
You're actually mentally crooked if you seriously think that
Scrolled down to find this. Not disappointed
@@azulamazigh2789 glasses and a beard, yeah sure he does....