TryHackMe! [Web Vulnerabilities] Local File Inclusion
ฝัง
- เผยแพร่เมื่อ 16 ก.ย. 2024
- If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnh...
GitHub: github.com/Joh...
Site: www.johnhammond...
Twitter: / _johnhammond
Thanks John! I'm a newbie out here in the world of cybersecurity, your videos are helping me out A LOT. Keep it up man!
Very happy to hear that, thank you so much! And thanks for watching!
@@_JohnHammond that's true
Fantastic job! Every thing that you do start to finish is vitally important. Your doing much more than simply giving answers to rooms; You are teaching your thought process and a general outline one should take each and every time. Repetition is a great teacher and having a structured strategy to follow is what it takes to succeed. So just wanted to encourage you and thank you for your hard work and time!
Youre not losing quality and anytime you feel like it, you can always slow down the video upload freq. Im sure a lot of us will understand. You do amazing work and I dont want you to get burned out by it.
tip on socat if you don't want to bind or reverse the connection:
sudo socat STDIN EXEC:/bin/bash
Oooh! That is AWESOME! That's not even in GTFOBins, you should definitely submit a pull request! And thanks for watching!
@@_JohnHammond pull request submitted :)
Great man i did using your trick and its included in gtfobins rn :)
@@_JohnHammond nice wabsite i love yiu
Hey man, I'm new to your channel but wow, have been loving your content! I've learnt more just watching and listening to you than I have picked up in years. Thanks! and I'll see you around.
I know this is an older video, but the difference between this and your latest ones is that you take more time in the later ones. You zoomed through this at such a pace, wildly alt-tabbing between pages that it was (at times) difficult to follow. I found myself having to constantly stop the video and try to work things out by looking at the image rather than listening to your voice. Still, learnt something I didnt know, so keep up the great work :-)
I used to watch your videos when I was 14, learning how to making games in python. Now I am in uni and here you are with your amazing videos. Thank you!!!
this video is a life saver. sometimes THM doesnt have things portrayed thats easy for me to understand. you have helped a lot.
Ok im addicted to this channel. Good work ! Greetings from Argentina
Thanks, John!
Keep up the great work man. I just subscribed to tryhackme with 0 experience and I’m loving the website.
John "HAMMER-TIME" Hammond!!! Luv ur stuff! lol n applause! tnx 1000 for entertaining with your amazing skills!!
Thanks & respect John! I'm a newbie from Bangladesh💓💓
Thanks John. Looking forward to more live streams (:
Hoping to do more on the weekends! Thanks so much for watching!
Another great video John. Thank you.
I wanna see John dance to his outro music
Maybe in the 100k subscriber special? ;)
Thanks so much for watching!
John Hammond 100k subs done sir
@@_JohnHammond you have more than 100K subs. When are you going to fulfill the promise?
In @John Hammond's defence he did say maybe🤔🤔🤔😁
Hey John. Fantastic work mate.
You're a king. Well played man!
You are awesome 😀
I LOVE THIS GUY
I LOVE YOU TOO!
Thanks so much for watching!
You r my fav teacher
john can you make a video on setting up your terminals and all your shortcuts and keybinds you use to maneuve around quickly, you are the only person that rips around terminals seamlessly, i would love to learn how to do it like you
"i jest hate doing algorithms" we all do dud
Keep up the good work !
More on the way! Thanks so much for watching!
McLaughlin Mills
Hey John! Love the videos and the KOTH live streams. I'm still a beginner in this field and one of my biggest problems I think is taking good notes. I love that you write a README for every box you do, but am having trouble making my own without just trying to copy you. Could you possibly do a video on how to take proper notes and writing up a box? Or would you have any quick tips? Hope everything for you is well :)
Anderson Isle
This is really neat stuff but You blow through it so quickly, not explaining key elements that the viewers will learn less.
As with 'Stabilize Shell" you did. No idea what you did there but it sounds important so I'll google it.
We call them learning opportunities that you're missing.
Otherwise, awesome.
McKenzie Pines
Silas Forge
Great video john..btw Can we do this challenge by tampering ssh log files to get rce?
Why on earth are you taking notes? -You literally made a complete video about the entire process. xD
He likes his stuff ordered, nice and clean maybe?
You should always do this. It's good practice.
Hey, I like your CTFs. I found it too, but you don't need a reverseshell. The Wbeservice run as root, so you can find the flags only by url. ^^ Funny. But never ever run a webservice as root. NO GO!
Hello John! Why the website did load after aggressive nmap command, and why did it not load before? Any ideas?
Doyle Vista
adamsın adam
Hi John (from the future), I love watching/learning from your contents! What is the actual code inside the script: stabilize_shell3 ? Cheers
Cool, how did you make that stabilize shell bash script tho?
He's got a video on his channel that's called "poor man's pen testing" or something along those lines where he shows how to do that bit.
Paige Prairie
Hey John! while watching your video I noticed how you stabilized your shell. How do you do that? is it a precoded script of somesort?
Great video btw, keep on the good work
@Antony Niyazov I'm not sure I completely understand, but thank you, I will try it
at last part ,i heard a background music, tell me name plz😅
Sir please explain the buffer overflow practical for the OSCP simple and easy techniques.
I got problem in a site m working on. i can view all files in all directory, but cannot read. Can you help me on this?
Is there a video of you doing like a really really hard hack, the type that makes you think for a while? If not, make it lol :D
Dude the shell stabilize script is awesome. Mind sharing? I always do it manually :D
It's on his github
Very cool as always :)
I tried to LFI user.txt and root.txt from the webpage.
Both worked... because root is running flask
AHAHAHA THAT is AWESOME, good call! I should have tried that! Thanks for watching!
What is the version of your ubunto OS
Bro i have a question if you can answer it. Did you use xdotool for your shell stabilizer? If not how do you background the shell from a script?
I prefer quality
What do you mean by stabilize the shell?
Where can I find the script to stabilize the shell?
Hey John this “stabilize_shell” do you use “rlwrap + netcat”?
github.com/JohnHammond/poor-mans-pentest/blob/master/stabilize_shell.sh
Look if it help you
And he have video on youtube explain how it works too
@@afetodefato1436 thanks 🦆🤝🏻🦆
This is a video that ASSUMES a lot of those that view. Not a good resource for newbs
Hey John , can you plz provide Stabilize_shell2.sh, Stabilize_shell3.sh ? how it is written?
no need found in your github )))
I am facing the same issue while accessing the machine ip via Web browser. any suggestions.
i am able to ping machine ip.
Thomas Brenda Garcia Dorothy Garcia Ruth
Can we crack root hash from etc/shadow?
I think it's low-key to ask this. But what is John's outro song name?
That is Lost Sky - Fearless. The artist used to be called TULE, but you can them by "Lost Sky" now. Thanks so much for watching!
@@_JohnHammond I'm seriously happy that u replied dude. U r doing a great work. Nvm those ip error , typos, and stuff like that. Its kinda a fun in this serious thing. Thanks a lot for the efforts u put in doing these vids to help beginners like us to learn new stuff. ❣️
is it weird that I got into hacking like a week ago and Ive watched like 15 of your videos already?
How is it going for you? Are you subscribed to try hack me?
@@cristhianz91 Not yet. Right know Im just trying to understand the basics, learn about the tools etc. But I think its something I want to progress on. Watching John use the tools also gives me some understanding about them.
You should also look at some of John's CTF (Capture the Flag) videos for good byte sized, digestible information. Also you can look up some well documented Archived CTFs (ie PICOCTF or one of google ones) to get some hands on practice. (shameless plug) Also check out his Discord. Lots of smart people there who are also interested in this sort of thing. ;)
Link for stabilize shell script?
nice bro
Thanks so much for watching!
nice....
Yeah man
Yo admin en ssh bij linux?
@@realsecrets1 no
wat
linux admin ww
01244 Wava Mountain
Clark Donna Lopez Larry Martin Kevin
sick
Thanks for watching!
Williams Angela Thomas Sarah Johnson Amy
Moar!! :3
More coming up! Each Tuesday and Thursday this month! Thanks so much for watching!
Hey john, telling you as a i watch your videos a lot to learn. i watch them hitting pause and rewind constantly. You look kind of tired and indifferent on that one compared to earlier stuff. Careful with that. You might wanna do little less but keep’em motivated.
Good to know, that is good feedback, thanks for letting me know. You can tell by the lighting and the colors in this video that it is pretty late at night, and there are even some flops in this video since I had some left over stuff from the other one. I'll try and do better to pace myself, especially the VM starting up and the OpenVPN nonsense. Thank you for the constructive criticism -- and thanks for watching!
which python or which python3
Yup, I suck bahaha. I'll try and remember to go for that next time!
♥️