- 112
- 194 149
Mr Ash Co
Australia
เข้าร่วมเมื่อ 23 ก.ค. 2017
Curious about cybersec, python & hacking.
tryhackme publisher walkthrough
Let's take on the Publisher machine from TryHackMe! We'll enumerate using directory fuzzing and version identification to discover a Remote Code Execution (RCE) vulnerability. From there, we'll dive into attempts to escalate privileges using a custom binary, but hit some roadblocks due to restricted access. But we'll dig deeper to uncover a loophole that lets us execute an unconfined bash shell and achieve privilege escalation.
Subscribe - youtube.com/@mrashco?sub_confirmation=1
Keep Watching:
python ollama read local file (EASY) - th-cam.com/video/IsEYXyMkRF8/w-d-xo.html
notion to obsidian (a better note solution) - th-cam.com/video/3BRnO-YCw-I/w-d-xo.html
cyber security for beginners - th-cam.com/video/2om3wb9spg4/w-d-xo.html
Blog - mrash.co/
- - -
00:00 - Intro
00:04 - Challenge Description
00:47 - Initial Enumeration (AutoRecon + nmap)
04:00 - Directory Fuzzing (feroxbuster)
05:29 - Exploit Research (searchsploit)
10:23 - Pivoting to System User (SSH)
12:07 - Internal System Enumeration
16:12 - PrivEsc (LinPeas)
- - -
ctf, publisher, ctf machine, enumeration, directory fuzzing, version identification, remote code execution, rce, privilege escalation, custom binary, loophole, bash shell, system security, restricted access, cybersecurity, hacking, penetration testing, ethical hacking, infosec, vulnerability, exploit, exploit development, security research, hacking tutorial, beginner friendly, ctf walkthrough, cybersecurity tutorials
- - -
Subs: 2,468
Hours: 10
- - -
Music - go.mrash.co/music
All of my opinions in this video are my own, I was not paid to make this video. Whenever there is a link in any of my videos, if there is an affiliate program available, it's safe to assume that you are clicking on an affiliate link. Please check my website for any associated bonus I may be offering, for supporting me or ask in the comments below.
#tryhackme #publisher #walkthrough
Subscribe - youtube.com/@mrashco?sub_confirmation=1
Keep Watching:
python ollama read local file (EASY) - th-cam.com/video/IsEYXyMkRF8/w-d-xo.html
notion to obsidian (a better note solution) - th-cam.com/video/3BRnO-YCw-I/w-d-xo.html
cyber security for beginners - th-cam.com/video/2om3wb9spg4/w-d-xo.html
Blog - mrash.co/
- - -
00:00 - Intro
00:04 - Challenge Description
00:47 - Initial Enumeration (AutoRecon + nmap)
04:00 - Directory Fuzzing (feroxbuster)
05:29 - Exploit Research (searchsploit)
10:23 - Pivoting to System User (SSH)
12:07 - Internal System Enumeration
16:12 - PrivEsc (LinPeas)
- - -
ctf, publisher, ctf machine, enumeration, directory fuzzing, version identification, remote code execution, rce, privilege escalation, custom binary, loophole, bash shell, system security, restricted access, cybersecurity, hacking, penetration testing, ethical hacking, infosec, vulnerability, exploit, exploit development, security research, hacking tutorial, beginner friendly, ctf walkthrough, cybersecurity tutorials
- - -
Subs: 2,468
Hours: 10
- - -
Music - go.mrash.co/music
All of my opinions in this video are my own, I was not paid to make this video. Whenever there is a link in any of my videos, if there is an affiliate program available, it's safe to assume that you are clicking on an affiliate link. Please check my website for any associated bonus I may be offering, for supporting me or ask in the comments below.
#tryhackme #publisher #walkthrough
มุมมอง: 654
วีดีโอ
python ollama read local file (EASY)
มุมมอง 2.8K4 หลายเดือนก่อน
Let's code a super simple script to send a local file to ollama using python. Subscribe - youtube.com/@mrashco?sub_confirmation=1 Keep Watching: notion to obsidian (a better note solution) - th-cam.com/video/3BRnO-YCw-I/w-d-xo.html cyber security for beginners - th-cam.com/video/2om3wb9spg4/w-d-xo.html upgrading to kali linux 2024.2 (EASY) - th-cam.com/video/ZSDE5Wai1d0/w-d-xo.html Code - mrash...
notion to obsidian (a better note solution)
มุมมอง 1K4 หลายเดือนก่อน
Let's look at going from Notion to Obsidian. Subscribe - youtube.com/@mrashco?sub_confirmation=1 Keep Watching: cyber security for beginners - th-cam.com/video/2om3wb9spg4/w-d-xo.html upgrading to kali linux 2024.2 (EASY) - th-cam.com/video/ZSDE5Wai1d0/w-d-xo.html how to install Kali Linux VirtualBox (latest 2024.2) - th-cam.com/video/B94XCbnmauQ/w-d-xo.html Notes - notes.mrash.co Blog - mrash....
cyber security for beginners (plus FREE resources)
มุมมอง 3204 หลายเดือนก่อน
How do you get into cyber security? And what even is cyber security? Let's go over it together, once and for all. Plus you can get started with the basics and free resources! Subscribe - youtube.com/@mrashco?sub_confirmation=1 Keep Watching: upgrading to kali linux 2024.2 (EASY) - th-cam.com/video/ZSDE5Wai1d0/w-d-xo.html how to install Kali Linux VirtualBox (latest 2024.2) - th-cam.com/video/B9...
upgrading to kali linux 2024.2 (EASY)
มุมมอง 2.1K5 หลายเดือนก่อน
Upgrade to Kali Linux 2024.2! Let's go over the process of upgrading your Kali Linux distro to the latest 2024.2 version. And then let's look at some fancy new tools like Autorecon and spolitscan. Subscribe - youtube.com/@mrashco?sub_confirmation=1 Keep Watching: how to install Kali Linux VirtualBox (latest 2024.2) - th-cam.com/video/B94XCbnmauQ/w-d-xo.html BURP suite basics TryHackMe - th-cam....
how to install Kali Linux VirtualBox (latest 2024.2)
มุมมอง 1.4K5 หลายเดือนก่อน
Hey everyone! Want to learn how to install Kali Linux on VirtualBox safely and easily? This video is your one-stop shop! We'll walk you through everything, from downloading the software to configuring your virtual machine. Perfect for beginners interested in ethical hacking and penetration testing. Let's get hacking (ethically)! Subscribe - youtube.com/@mrashco?sub_confirmation=1 Keep Watching:...
CyberLens TryHackMe Walkthrough (@TylerRamsbey)
มุมมอง 3045 หลายเดือนก่อน
Ah, there's the upload button. Welcome back to TryHackMe, this time CyberLens. Writeup - mrash.co/cyberlens Notes - notes.mrash.co - - - 00:00 - Intro 00:20 - Start Here 01:34 - Initial Port Scan 02:49 - Web Server Enumeration 04:14 - Further Port Scan 05:16 - Further Web Server Enumeration 06:29 - Unusual High Port Service 07:47 - Service Version Exploit (Metasploit) 09:54 - Initial Access (Me...
cold BOX easy TryHackMe (colddboxeasy)
มุมมอง 41710 หลายเดือนก่อน
What a series of problems in this one! After upgrading to Windows 11, I've ditched VirtualBox (for now) for WSL. Enjoy my series of "nothing workings" while I retrace my steps for this walkthrough for Cold Box Easy. Thanks for watching. Notes - notes.mrash.co Blog - mrash.co - - - tryhackme, ethicalhacking, cybersecurity, cybersec, hacking, informationsecurity, pentesting, ethicalhacking, cyber...
opacity TryHackMe // GIVEAWAY @TheXSSrat
มุมมอง 26811 หลายเดือนก่อน
TryHackMe's Opacity is a 'easy' Boot2Root room for pentesters and cybersec enthusiasts (like you!). Plus, for black friday, checkout the free giveaway bundles below. #giveaway • #blackfriday • #tryhackme Free XSS RAT Bundles (x3) - go.mrash.co/xssRatHouse3 - - - Room - tryhackme.com/room/opacity Website, Blog, Newsletter & More - go.mrash.co/links Music - go.mrash.co/music - - - 00:00 - Intro 0...
chill HACK TryHackMe
มุมมอง 1Kปีที่แล้ว
Chill Hack CTF from TryHackMe, enjoy. FREE $5 TryHackMe Credit - go.mrash.co/tryhackme #tryhackme • #hacking • #ctf - - - Notes - mrash.co/hacknotes Room - tryhackme.com/room/chillhack Website, Blog, Newsletter & More - go.mrash.co/links Music - go.mrash.co/music - - - 00:00 - Start Here 01:06 - Recon: Port Scan (rustscan) 02:52 - Recon: ftp Anonymous 04:17 - Recon: Apache Web Server 06:26 - Re...
brooklyn NINE NINE TryHackMe
มุมมอง 223ปีที่แล้ว
Here's another TryHackMe room, this time Brooklyn Nine-Nine. Enjoy. FREE $5 TryHackMe Credit - go.mrash.co/tryhackme #tryhackme • #brooklynninenine • #steganography - - - Notes - mrash.co/hacknotes Room - tryhackme.com/room/brooklynninenine Website, Blog, Newsletter & More - go.mrash.co/links Music - go.mrash.co/music - - - 00:00 - Intro 00:21 - Start Here 00:56 - Enumeration 02:37 - FTP Anonym...
BURP suite basics TryHackMe
มุมมอง 10Kปีที่แล้ว
As the title says, this is my TryHackMe Burp Suite The Basics Walkthrough... how else can I describe it? FREE $5 TryHackMe Credit - go.mrash.co/tryhackme #tryhackme • #burpsuite • #hacking - - - Notes - mrash.co/hacknotes Room - tryhackme.com/room/burpsuitebasics Website, Blog, Newsletter & More - go.mrash.co/links Music - go.mrash.co/music - - - 00:00 - Intro 00:21 - Start Here 00:31 - Task 1 ...
tech SUPPORT (techsupp0rt1) tryhackme writeup
มุมมอง 268ปีที่แล้ว
TECH SUPPORT ROOM, enjoy another TryHackMe walkthrough :) FREE $5 TryHackMe Credit - go.mrash.co/tryhackme #tryhackme • #roc • #hacking - - - Notes - mrash.co/hacknotes Room - tryhackme.com/room/techsupp0rt1 Website, Blog, Newsletter & More - go.mrash.co/links Music - go.mrash.co/music - - - 00:00 - Intro 00:26 - Start Here 01:12 - rustscan 01:51 - http port 80 02:08 - feroxbuster 02:51 - hidde...
NOOBS CTF (n00bzctf) 2023 writeup
มุมมอง 829ปีที่แล้ว
Welcome back, let's go over n00bzctf2023. A great beginner ctf challenge that's just finished up. I had a lot of fun with these challenges and learnt some new stuff. Hope you enjoy my recap slash writeup thing, thanks for watching! #ctf • #hacking • #cybersec - - - n00bz - n00bzunit3d.xyz/ Notes - mrash.co/hacknotes Website, Blog, Newsletter & More - go.mrash.co/links Music - go.mrash.co/music ...
my DOCKER homelab
มุมมอง 482ปีที่แล้ว
Yo yo yo, let's re-set-up my homelab. I'll cover everything from wiping the drive to containerizing Uptime Kuma, Speetest Tracker, Watchtower, Guacamole, and Jellyfin in Docker. Also got a quick fix for the Docker containers not being able to read the hard drive using Crontab. If you're interested in setting up your own homelab or just want to see what I've done, enjoy! #homelab • #docker • #ub...
most wanted! dark waters kase scenarios /2
มุมมอง 247ปีที่แล้ว
most wanted! dark waters kase scenarios /2
what's this town HIDING? dark waters kase scenarios /1
มุมมอง 463ปีที่แล้ว
what's this town HIDING? dark waters kase scenarios /1
picoctf EASY web crypto forensics walkthrough /3
มุมมอง 164ปีที่แล้ว
picoctf EASY web crypto forensics walkthrough /3
Sir i watch this video but at last the bash is not executing Note -- i double chack the permissions and permissions are correct can you assist me with this
thank you
Thanks for the video! Is there a way to scan through a directory and have the model read and remember each of the files contents? I am interested in creating an AI Agent on my system that will read the directory my react-native project is in and update the model with this knowledge. That way I can just ask it questions or use autocomplete with Continue and not have to provide context, it would already know all about my project.
thank you for being here for us
for whatever reason when im trying to do the reverse shell and i have to do the .RUN ping <ip> -c 1 its not responding on the reverse shell
trying to use tar does not wrok got until here
2 years later its still one of the best videos out there. making me feel not stupid because they do have weird questions I dont fully understand as well lol
thank you!
what i dont get about this challenge is sometimes it will show that more but other times i ssh that bandit text doesn't show so no 'more' for me
oh i get it now, i just added -p 2220
thank you dear , greate vdo
You're a legend, mate! 🌟
What are those?! Next to the sudó and update what are those 6’s?
&& ?? An ampersand (&) is a symbol that means 'and'...
thank you.
Which software can I use in cyber security
You made it look so easy man, thanks a lot !
I did a system upgrade and it shows the Kali screen for a split second, then the PC hangs at 3 dots and sits forever, then it finally ends at a login text prompt. I can log in and see my files, but its just plain linux text (no GUI). I have everything on the PC for my home business, so this is pretty disturbing. It looks like the upgraded version conflicts with my graphics driver? I don't know. Is there any way to reinstall the Kali OS from a live USB, nondestructively, without it overwriting all my programs? I have Blender for instance, firefox bookmarks, documents all that stuff. I should never have upgraded :/
This is why I dont like upgrading in Linux. In the future install Timeshift so that you can restore and go back. Its bailed me out many times.
@@discretion4362 this is EXACTLY what I want. Does this let you save the state and go right back to that moment? Where did you get this
I finally fixed the system so it boots, it was an incredibly stressful night. Right now I'm setting up an emergency live USB, but I'll be installing Timeshift next. I never upgrade anything unless I have to. In this instance I was trying to install Google Authenticator and it ruined the entire system. Never again....
@@c.rutherford Glad to hear you got it worked out. Linux is very finicky. Time shift is very easy to install and use. It backs everything important including system files up. Best of luck.
@@discretion4362 I created a Kali live USB with persistence with Rufus, worked great until it accidentally got shut off power. Now it boots but the persistence no longer works. The persistence files are still there, but it won't load anymore or save anything across boots. Surely this happens to everyone eventually. Have you got a video on that? lol
thanks for creating these videos. I truly appreciate it a lot. Love from Vietnam
my streak is the same as yours when I'm doing it, cool!!!! edit: as well as the number of comments after this comment
idk why the does the sql does not want to be connected to be on a sql session it gaves me an error , idk why , this is the error : ERROR 2026 (HY000): TLS/SSL error: no certificate or crl found
getting the same thing
@@jamesonbos7742 u have to try -ssl=0 bcs its about the sql client rejects the ssl certif coming up from the sql server
@@jamesonbos7742 it worked with me
@@jamesonbos7742 you can try this it worked for me : mysql -u root -p -h 10.10.xx.xx --skip-ssl
try : mysql -u root -p -h 10.10.xx.xx --skip-ssl
seems like their isnt one rightw ay but many , or atleast in the tutorial they gave us. im just glad i wasnt the only one who was freaking out.
you crack most of it from crackstation
bad
When I try on 1:03:16 the command nmap -sX -p 0-900 -vv target IP I get 995 closed ports.
I was not here to guess
Ssh user cappucino password password with hydra sudo su ... id 0 whoami root
My reverse shell do not work😢
Awesome video mate, I have only one question how did you assume that name while SSH that it is Cactus only but not Johncactus how can I find this information? Thank you.
thankyou bro, really appreciate the honesty
When i run the msfvneom with the local ip and copy the mkfifo command, then i run nc -lvp 4444, and only then i run in the telnet connection ".RUN mkfifo ..." the netcat command dosen't do anything, how can i solve this?
Awesome video! Was definitely helpful in allowing me to solve this one. I did struggle with the escalating the privileges using the method you used, so will definitely need to review that again to better understand it!
yeah same, privesc on this one was tricky as.
tnx
Tnx! It's much easier to understand with you.
Glad to hear that!
Another banger M8, thx 4 the great content!
im actually considering doing opposite. used obsidian for a few years now and havent tried notion, but i feel like iv kind of reached the limit with obsidian. the plugins do help but iv kind of got to the point where ill begin to have lines of code and stuff to do what i want, where in notion from what iv seen it can be done much simpler. im mainly using obsidian for my "life OS" currently which as you said forcing it to do something it wasnt made for. i do plan to have a knowledge system but from my understanding notion has in text links as well, not sure about backlinks, so it would work just as well. the only thing i see as a negative on switching would be losing the local access. i think that ill give it a go in obsidian but if that fails ima make the switch.
also the formatting of notes are a big issue for me, as theres a limit to what you can actually do. its possible to use custom css snippets, but this conflicts with some plugins such as dataview. eg, if i put a dataview query inside a div it breaks. but yeaaa. also databases yep, but obsidian has a plugin for this which im yet to try.
Super interesting. Notion backlinks similar to Obsidian. There's a lot of cross over tbh. Heck, maybe Notion would suit your needs more. I think I got so caught up in the rise of Notion and all the templates etc. you can customise Notion but in the end I didn't need any of its extra features. My "life OS" is far more stopped back these days. So for me, Obsidian is perfect. I hope you find what works for you, whether it's Obsidian or Notion. Or hey, I know people use both for different things.
@@mrashco noted, thanks!
sir can you help me
Of course, I can try! What's happening?
Streamlit does a better job at creating an ollama GUI rather than all the other options out there.
Yeah cool. Streamlit looks good for making an app. But WebUI looks good just to use Ollama with a UI instead of a terminal.
Love your accent. Keep up the good work!
Thank you! I don't have an accent, you have an accent 😂 Appreciate you leaving a comment
thank you. that was really helpful to understand the room. have a nice day bro
No worries at all. It was a pretty tough room, especially since there's a lot more Linux rooms. So I always struggle a bit more with Windows. Enjoy!
Thank you for doing these videos, they help out a lot! Keep up the good work.
No worries, glad these older videos are still useful 😀
@@mrashco Very much so! I went through a few other tutorials before stumbling onto yours. I like your way of thinking
Awesome! I’ll have to give Obsidian a try!
It's worth it, let me know how you go!
there's no way i am the first one seeing this masterpiece thx a lot for helping me out i am trying to get out from being a skid and do real work
No worries ♥️ Glad it's helped out. And idk about "masterpiece" but I genuinely appreciate the kind words!
which is the diference between : -t4 and --min-rate 5000 for exemple ?
-t4 uses up to 4 parallel connections when scanning a target. So it speeds up the scan process by sending packets to multiple ports simultaneously. --min-rate 5000 sends packets at a minimum rate of 5000 packets per second. This can significantly speed up the scan if your network can handle it. But, scanning too fast can overwhelm the target network and lead to inaccurate results.And firewalls might throttle or block scans exceeding a certain rate.
is the premade box faster than the iso
I've never tested, probably similar though. VM version has more configured out-of-the-box, so I guess there's more to load. But I doubt day to day there'd be much performance difference, if any.
Upgrading to Kali Linux 2024.2, how fun! Love catching errors after I finish a video 🥲 Timer at the end isn't a count down, voice audio delayed, I think I saw a spelling error maybe... well, I can't fix it all up and replace the video now. Enjoy!
This video was a god's send. Subscribed. I will say, you move a little fast and it would have been nice to do this on TryHackMe's VMs. Even still, those are not big issues, and your video was awesome. Definitely gained a subscriber.
Yo! Thanks for the comment. Question(s), is it I talk too fast? Or is it the edit of the video? Like do I skip ahead too much? Thanks. Just wanna know for the future videos!
@@mrashco First, this is such a MINOR criticism. Your videos are awesome and very helpful. What I was referring to was moving around the sites and coming to certain conclusions, but again, it's very minor things. Keep up the great work!
Ah okay, thanks for explaining. I'm trying to find the balance to keep video moving forward without getting stale. Sometimes I can over edit. But thanks! I'll keep at it 😀
Awesome tutorial! Thanks a lot mate! :)
No worries at all, thanks for leaving a comment 😀
Awesome tutorial. Thanks!
Thanks for the comment ♥️
Yooo great work sir!
Yeww! Thanks for checking it out :)
It was free ?
I think this one is free yeah
How were you able to ssh into the target machine? I connected to openvpn successfully but can’t connect ssh it says permission denied
Hey there, seeing "permission denied" after connecting to TryHackMe's OpenVPN could be due to incorrect credentials or firewall restrictions. Ensure you're using the exact username and password provided in the room instructions, not your TryHackMe login.