For Cookies: You can press F12 and then go to the "Application" tab and then in the left is another menu where you can access the Cookies and add / edit / delete them, no need for a chrome plugin :)
I have been studying for the linux and it's tool since a month or over and ur video was the first video of a practical hand season for me. Thanks Man! Looking forward to more of ur such videos so that I can keep learning.
I wonder if I'm the only one watching who doesn't have a clue what you're doing, I mean outside of the fairly obvious conceptual aspect of it. Still fun and interesting to watch despite the fact that I lack the technical knowledge that goes behind it.
For anyone else having problems (or simply having no clue what to do) with setting up the http.server with python. It is possible you got several different python versions installed and the standard "python" command uses a version before the (i think python3...) module was implemented. Just check which versions you got installed with: ls -ls /usr/bin/python* If you got python 3.8 or 3.9 installed just use John's command including the python version: sudo python3.9 -m http.server 80 That worked for me :)
I didn't know about TryHackMe until TH-cam sends me a notification of this video which belongs to a channel I didn't subscribed to. The website immediately catches my attention. Fascinating how youtube recommendation system works. Thanks for making this video.
@John Hammond do you have a video where you discuss how you get set up to tackle these boxes? i.e. connecting to a VPN, setting up any proxies, spinning up a VM, etc? If not would you be able to give a brief overview here or create a video for that? Would love to see your process for getting setup
Hey John, I started watching your videos yesterday and am really enjoying them. Just wanted to let you know that this video is not in your TryHackMe! playlist.
i decided that instead of plowing through the beginner materials in tryhack me and joining rooms that i can mostly not ssh into and getting frustrated over, i went straight into practice section and i'm so glad i did. i found this guide and i learned infinite and your passion and enjoyment really showed through this vid. i had a few laughs here and there, thank you!!!
Great video! Thanks for doing this! Do you have a link for the documentation of what the -p flag does with /bin/bash? I'm having trouble finding it on the man page.
tl;dr: -p will tell bash not to drop privileges. --- Invocation [...] The following paragraphs describe how bash executes its startup files. If any of the files exist but cannot be read, bash reports an error. Tildes are expanded in file names as described below under Tilde Expansion in the EXPANSION section. [...] If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset. --- linux.die.net/man/1/bash
i get lost when you say convert the format to something that john can read.. so are you just changing it to a txt format?? are you copying the info then putting it into txt?
why do most of the "hackers on youtube" waste so much time trying to appear spontaneous when we all know that you prepare a lot in advance and besides that you also edit the material? Instead of wasting your neurons trying to appear smarter than you are, you'd better concentrate on transmitting as well as possible. The fact that you press Alt+f4 many times does not make you smarter.
Admittedly it is a CTF, but I do find the cascading failures a bit weird - I mean, I wonder if it would be possible to make a slightly more "realistic" example that doesn't rely on /etc/hosts being modifiable? the fact the .thm site was original hosted on localhost suggests there might be something else ...
pfff im just starting but if this is easy than it will be a steep, very steep learning curve ... maybe this is easy for an expert, but I doubt if this is easy for a beginner..... but thanx for the vid, this will help a lot!
I watched so much John Hammond that my son was born a ginger, true story.
damn😂
STOP LYING IK U R
Whether or not that's true, that's funny.
Umm who’s gonna tell him
maaan! dont make me sick😂
It would be interesting to see your TryHackMe streams without preparations, just cracking tasks in real time with chat. BTW, I like your CTF streams.
For Cookies:
You can press F12 and then go to the "Application" tab and then in the left is another menu where you can access the Cookies and add / edit / delete them, no need for a chrome plugin :)
John hammond is that guy with whom you can hangout and discuss all the geeky stuffs and still look damn cool. Awesome John
I just finished that room, I can’t wait to see how you approched this one !
He's such a kind respectful man, thank you very much for the walkthrough,Cheers
I have been studying for the linux and it's tool since a month or over and ur video was the first video of a practical hand season for me.
Thanks Man!
Looking forward to more of ur such videos so that I can keep learning.
I wonder if I'm the only one watching who doesn't have a clue what you're doing, I mean outside of the fairly obvious conceptual aspect of it. Still fun and interesting to watch despite the fact that I lack the technical knowledge that goes behind it.
If u start to learn hacking on tryhackme you will understand very fast
You're a spy of mordor.
That privesc segment was absolutely splendid and educational, thank you so much John
For anyone else having problems (or simply having no clue what to do) with setting up the http.server with python. It is possible you got several different python versions installed and the standard "python" command uses a version before the (i think python3...) module was implemented.
Just check which versions you got installed with: ls -ls /usr/bin/python*
If you got python 3.8 or 3.9 installed just use John's command including the python version: sudo python3.9 -m http.server 80
That worked for me :)
Great video John!!! It's always a class watching your approach, thanks for spreading knowledge.
Great work, love how you walk us through it
I didn't know about TryHackMe until TH-cam sends me a notification of this video which belongs to a channel I didn't subscribed to. The website immediately catches my attention. Fascinating how youtube recommendation system works. Thanks for making this video.
100% same happened to me
Damn, that's a cool box. I've got to try this and Overpass2 now. Thanks for your great video John!
Hello John. A hug from Brazil. Your CTF videos are sensational. Explore more content in this theme. See you later!
@John Hammond do you have a video where you discuss how you get set up to tackle these boxes? i.e. connecting to a VPN, setting up any proxies, spinning up a VM, etc? If not would you be able to give a brief overview here or create a video for that? Would love to see your process for getting setup
Yo John! Sorry if you’ve answered this before. Are you running Ubuntu on a VM, or bare metal?
Hello John is there any reason you use chrome and not Firefox, or it's just personal preference?? Love your videos!!!
(20:41) - Using John to crack ssh key passhrase, NICE!
I am currently studying json exam quite in depth
*almost types "/home/tryjackme"
John: Woah! Careful there John
I died!!!!!!
Haha same here!
Hey John, I started watching your videos yesterday and am really enjoying them. Just wanted to let you know that this video is not in your TryHackMe! playlist.
Thanks for the heads up! Just added it in. :) Thanks again!
Just out of curiosity, how long does it take to actually solve these boxes?
i decided that instead of plowing through the beginner materials in tryhack me and joining rooms that i can mostly not ssh into and getting frustrated over, i went straight into practice section and i'm so glad i did. i found this guide and i learned infinite and your passion and enjoyment really showed through this vid. i had a few laughs here and there, thank you!!!
Ever considered ffuf? or is Gobuster just your go to preference?
Hey just a question ! ,
how did you know that the output of cat .overpass is a rot47 algorithm (at 22:37).
Love your videos btw
You find it out through by looking through the source code of overpass itself.
when you VPN into the challenge box does that not mean all your network traffic from your local computer is going through that box?
Hacking aside, John also makes a good suspense actor
it was crazy how did you found flaw in log.js , i had no idea about it,, amazing
Love from india @John Hammond
We love your thm content..and also do more on hackthebox...
Great video! Thanks for doing this!
Do you have a link for the documentation of what the -p flag does with /bin/bash? I'm having trouble finding it on the man page.
tl;dr: -p will tell bash not to drop privileges.
---
Invocation
[...]
The following paragraphs describe how bash executes its startup files. If any of the files exist but cannot be read, bash reports an error. Tildes are expanded in file names as described below under Tilde Expansion in the EXPANSION section.
[...]
If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.
---
linux.die.net/man/1/bash
What are the pre-requisites to have known before solving this room?
i get lost when you say convert the format to something that john can read.. so are you just changing it to a txt format?? are you copying the info then putting it into txt?
Great video but HOW do I get linpeas onto the victim side WITHOUT your automated script/tool?
obviously man ..this vid deserves a like :3
Glad yr back again in it keep it up
Awesome video John!! Thanks for sharing! Quick question, why do you run tee with nikto scan and not gobuster?
I eagerly wait for your TryHackMe ctf videos. Please upload more. ❤️ Love to watch your videos and learn from you. Thank you 🙏
thank you, John, I have always enjoyed watching your videos please make more.
Great Job! Greets from Germany
Well done !
why do most of the "hackers on youtube" waste so much time trying to appear spontaneous when we all know that you prepare a lot in advance and besides that you also edit the material?
Instead of wasting your neurons trying to appear smarter than you are, you'd better concentrate on transmitting as well as possible.
The fact that you press Alt+f4 many times does not make you smarter.
As a newbie, it's tough to understand for me, looks interesting
Just a Question. What does "-p" in /bin/bash -p
Love me some John "2 videos in 2 days" Hammond. Great Content!
yeah yeah, keep making video, i just have completed the introduction room after watch your video.
Good job
Very interesting video, I learned a lot, cool way to get root privileges at the end, thanks for sharing!
All the stars aligned, root cron that executes a shell script from an external source and a writeable /etc/hosts... Damn...
Very enjoyable to watch :)
waiting for john to write something in the readme file👀
Could you share your "upload_files_nc.sh" and "upload_files_wget.sh" on your github? thanks!
can anyone help me , what the tag -p of /bin/bash means ?
I like your singing.
Thanks!
Admittedly it is a CTF, but I do find the cascading failures a bit weird - I mean, I wonder if it would be possible to make a slightly more "realistic" example that doesn't rely on /etc/hosts being modifiable? the fact the .thm site was original hosted on localhost suggests there might be something else ...
This excites me
Grande
This is definatly not a easy box catogory
pfff im just starting but if this is easy than it will be a steep, very steep learning curve ... maybe this is easy for an expert, but I doubt if this is easy for a beginner..... but thanx for the vid, this will help a lot!
Hi John, Great Videos Any chance you could walk us through setting up Cloudflare's Flan Scan?
Ty
Nice!
Thast awesome brother ^^
So cool
Love from your discord server @John Hammond
Güzel içerik
Great video again. But could you use pwncat next time?
Great
Wow! That was cool😎!!
this box was awesome..
what was that system password for? Found any use for it?
which terminal is that?
Terminator
That's brilliant, but I like this
please tell me what terminal multiplexer you use
I am using Terminator. I love it!
@@_JohnHammond thank you very much ... You've been my inspiration and effective immediately i will start using terminator
❤️
Nice
Whats the use of /bin/bash -p ??
The -p option ensures that the effective user id is not reset.
NICE ED SHEERAN
Hi John I really do like your vids . Could you pls slow down a bit...You do things too quick for us the newbies... :)
Nice. Ohhh💗
tryjackme lol.
careful john
Doing the yt algorithm thing
when i'm running python -m http.server command why it is coming command not found
sudo pyhton3 -m http.server 80
sudo: pyhton3: command not found
8:00 is it python or js ?
I would say it’s js.
That -p would have helped me if i saw it yestersay for overpass 2...anyways alrdy done😅
When did ed sheeran starts writing codes
it was medium room
33:45 tryhackme on the way to sue you for defamation
TRY JACKME LMFAO
This would be better if you didn't practice this before you did it
K
This looks like a clone of hackthebox.eu
I keep trying to subscribe but the only option I get is unsubscribe I can't figure it out... maybe next time. =)
John Hammond sar windows 10 OS use ethical hac**king course. Please🌹🌹🌹🌹🌹🌹🌹🌹🌹🌹
#sudo apt hack 'John Hammond'
#password:
#access denied
I like to do the follow along but when I enter the command " subl " on tryhackme it says command not found.
nice