Plundering AWS S3 Buckets - HackTheBox

Pwncat, linpeas juggling and then that auto deletion of files from files folder.. Entertainment with learning😂.. awesome video....thanks

When I found myself screaming "IT'S IN ADSERVER JOHN!!" I realised I learned something from watching this channel.
Thanks John, stinkin love your content! You're one of the more vibrant pen-test people I know of and watching you wiggle your way through this and that is really entertaining and informative at the same time. You could probably teach this stuff professionally through those platforms like skillshare or brilliant!

This is fantastic and I'm so happy I found your channel! I just participated in my first CTF (HTB Cyber Apocalypse) and it was so much fun! I didn't do too great, but learned a ton. Thanks for getting me into this fun 'hobby' to help build my skills as I work towards a career shift.

1:00:24 got that Batman voice on point! :D

I do not live in this coding/hacking world at all, but, this was very interesting to watch. Thank you for creating this content

Fun walkthrough of a great box. Great job, John!

How random - I've met one of the guys who founded Hack The Box. He lives in my hometown. Glad to see it's launching into something really cool and getting attention - not surprised though, he was a very astute fellow.

this video and your content in general is mind blowing. Truly awesome stuff!

john this was genuinely one of your best videos!!

Awesome john, So much useful data in one video.Thanks appreciated

Love that everytime John tries to showcase Pwncat it just breaks in some way

Brilliant job John. Please keep them coming!

*Put a magnifying glass on your computer if you see red bugs you are in malware*
- John Hammond 2021 😹

I saw your name pop up on the activity feed for the box a couple of days ago. I was hoping you would make it into a video, very cool.

It never ceases to amaze me how much of a security hole can be. LOL

Loving this type of content!!!!

I love your way of thinking!

We are now on amazon's watchlist.

''Dang it'' part really got me!

I loved this machine !! I learned di much about aws dynamodb

"aws get-buckets" - Uncle Drew

Awesome job love it !

This was a very cool action Movie! Maybe Mr. Robot season 5 with John Hammond? :D

Great video John!

awesome content, thanks john

I must say I get some Ippsec Vibes with the Ip Adress and how your saying the nmap stuff :D. But Grreat Video

I wish the audio was a bit louder 🥺

Great, really liked this

You make it look too easy. I get inspired and try and realize quickly my experience is lacking haha!

That was friggin awesome John

Fun stuff! Wonder what would have happened if you had tried sshing with the usernames in their correct case.

I learned so much today

love your videos dude !

First person on yt who doesn't une neither Parrot nor Kali.

This is extremely cool

Great music John Hammond xd

More Cloud John!
Thanks a lot, as always :)

You are the best Jonny

Awesome John !

This is top-of-the-line material. I read a similar book that was a huge turning point for me. "AWS Unleashed: Mastering Amazon Web Services for Software Engineers" by Harrison Quill

WWJD, What would John do? That's how I approach these challenges in HTB and THM. After watching these videos your voice and logic get stuck in my head!

Just to inform everyone who are doing OSCP... Linpeas has been banned by oscp because of auto-exploitation feature... Again Linpeas creator reached out to OSCP and confirmed that there is no auto-exploitation feature on linpeas.. So OSCP agrees for the new version of linpeas and banned older version of linpeas so be careful....

straight up cool

John is the best

Stop saying you're bad at everything. You're learning.
I get the temptation but think of everyone watching who likely is newer to this than you. They also are just learning.

John: How do I use this?
Server: tutorial.start()
John: Nope...

i wish for more htb content in the future

Peculiar john

This video show that I know more about something John doesn't, hahah 😂

nice one John...

31:46 I think the fi you commented out at the bottom was a mistake

Does the endpoint url take the place of access keys for the AWS cli? So because it's public you don't need any access & secret keys?

It contains a bucket.
Dear God...
Scout, SEDUCE ME!

Rick and morty creator knows coding??!? This dude can do it all

Nice!

Epic skillz

🤯👌🏼💯

nice

fudge btw

Content is awesome but i would suggest timestamping videos which have length greater then 30 min.
Helps a lot!

And i like your outro.

Great video, but how did you know that pd4ml had this specific file inclusion vulnerability without researching?

AWS top! John

What's the importance of adding the entry to your etc/hosts file near 3:30?

I know NMAP is kind of the go-to for port-scanning. Have you tried Rustscan? It's built on top of NMAP but runs port scans much faster with exactly the same scan options.

It triggers me if you add options after arguments, but I like it that you stick to the IPpsec method

Resources you have shared with us such as TH-cam videos and blogs are enough to crack OSCP exam or should we join any institutions to gain knowledge....?

Beginner here. And i look up to the mountains and i see John Hammond😅...and my journey begins.

more of this please?

Maaan whyyyy whyy u did not shared this 2 days ago. I had a HW project about AWS pentesting. I had got only some old staf...

Hey There Seth Rogan!

it was not possible to see the flickering lights in the video.

Hey. John... Please make a course for newbies to advanced 😭😭🙏🏿🙏🏿🙏🏿please

Ooop...the voice is little down ...!!

Yo how do u Zoom In in the terminal Lol

Audio volume little bit low compared with other videos

how come he was able to use aws cli on the bucket despite using random secrets?

i8ts areally awkward watching you pretend to not know this stuff and or have not read these exact pages. Still love the channel

Man you are awesome 🤘🤘🤘......There was only one part that I didn't really understand. How did you run the .php in the S3 bucket??? because S3 only works with static webpage. It was not supposed to run .PHP 🤷‍♂️🤷‍♂️🤷‍♂️

You getting more views than ippsec now 🤨

Nice HTML LFI xD

For yt algorithm

Showing Root_id_rsa : invalid format . Why?

Hello sir I have been watch TH-cam for awhile now i saw your using ubuntu as your primary os soo my question is why u don't use kali or parrot os or any other Linux distribution????????????

What a handsome whitehead

Can we hope for htb contents

You plunder

etc/ is pronounced etsy. not etcetera, is it not? Semantics, but, I love your content. I am aware this video is a year old.

Где subtitles?

Please fix the audio - it's too quiet

where is the flag

Hey John, Your content is awesome man, but it is not recommended for script kiddies to learn real hacking because your content requires some level of knowledge on hacking/programming, 'coz to be honest, i have been trying to understand your videos where i am now solving ctf challenges and still find it a bit confusing to understand your videos sometimes, anyways
it's still a rich content!

I said fug guysss😂😂😂😂

Like first 10 comments; else:unsubscribe ("Mv to liveoverpellow");