I've been following you for a bit now and I love those "long and boring" parts! Your videos gave me the spark I needed to dive into InfoSec. Keep it going, i'm feeling a little less dumb each time you get a video out! Cheers!
(18:57)-SHELL shock reference (20:00)-Need to be an absolute path, cmd using curl (23:41)-Using Metasploit console (26:03)-Upload linpeash via meterpreter (31:04)-searchsploit tack m to mirror the dot c file and upload the dot c file via meterpreter
I didn't know shit about hacking, and this video give me so many insight how to do offensive hacking (metasploit, cve, the cve poc, etc). This is literally goldmine. I recommend this channel to any software engineer trying to make sense the "hacking world". I tried to watch LifeOverflow channel and most of the time, the content just went over my head because he mostly doing low level stuff. This channel on the other hand, hits closer to home because I use linux daily, so I already familiar with it.
man i love your videos about ctfs, it's really inspiring and motivates me to keep going i like your dynamic of explaining the videos. and you also demystify the idea that to be a good hacker you have to be an elliot alderson keep going all the love in the world
Okay. I do not understand all of this YET. but this makes me excited to go deeper into it. Lol I can follow along and it actually makes sense to me 😂. Wow this is awesome. Subbed!
I Really love your energies ngl. Big fan here haha could you maybe give me some tips on how to get better in cyber security? A beginner here haha. Again big fan
Energy really comes from passion. Did you see his reaction when he got root ? That was a priceless expression that only comes out if you are passionate about what you are doing.
Fun fact: As you know linux sometimes dosen't let you to "do clear screen command". Clear your terminal screen anytime using this guide. Guide: (1)Open terminal and click on 3 dots, then click on preference (2)Then click on 'shortcuts' and then find option named 'reset and clear' option could be 'disabled' (3)Click on "disabled" and enter a special key that you don't use in terminal. (I suggest you use this key)"i am using ''END'' key". And whenever you press that key it will clear terminal screen anywhere.
@@camarada1996 Yes Exactly. When terminal is doing something While processing previously given command, for instance "exploit" in metasploit. You will first have to stop running "whatever" process with Ctrl + c and then you can use "Ctrl + L or clear" command to clear your screen. With method which I wrote, by simply adding a shortcut In terminal you can clear the screen anytime.
Hi ,unfortunately my nikto is not showing any shellshock vulnerability, I could only know from your video ,so then in other cases /cgi-bin/test.cgi can be vulnerable then .If I see these somewhere I should try shellshock
hey john while I try to upload the .c file I'm getting an error "4: Operation failed: 1" and I am using metasploit 6 . Anyone who reads it if he has the solution for this can help me It will be a great pleasure from my side. Please help me with this situation.
I’m getting the ‘cc1’ error message you said you got before filming. Shame you wasn’t able to quickly show what you did to solve it. Made this challenge far too frustrating. I tried to watch your video as less as possible and do it on my own. I thought I was doing something wrong and you ended up using the same exact file as I did, so I knew I didn’t make a mistake. Clearly a bug. Just annoying :(
In spirit, metasploit is as much cheating as using google. If anything should be considered cheating or cheap, shouldn't it be linpeas? Because you should already know where to check for privesc vectors, whereas expecting you to know every exploit in every language is ridiculous.
Doesn't always work in your shell. You can see that he tried that a few times and had to go back and type the full file name. I do agree with your sentiment though. You get used to the autocomplete.
Someone commented "Watching John makes me realize just how little i actually know about cyber-security". Thanks for giving me a reality check xDDD
true lol
realted lol🤣😂
0day was so good in the manner he prepared the box
Thank you!!
@@0dayCTF ur Story is grt and u deserve respect mate
Ryan is a fighter, he has an epic past♥️♥️ #respect
@@0dayCTF was the initial encrypted RSA key really a rabbit hole?
@@anishagrawal7068 Yes, that was a completely fake key. I had to do some things to distract from the real exploit!
I've been following you for a bit now and I love those "long and boring" parts!
Your videos gave me the spark I needed to dive into InfoSec.
Keep it going, i'm feeling a little less dumb each time you get a video out!
Cheers!
(18:57)-SHELL shock reference
(20:00)-Need to be an absolute path, cmd using curl
(23:41)-Using Metasploit console
(26:03)-Upload linpeash via meterpreter
(31:04)-searchsploit tack m to mirror the dot c file and upload the dot c file via meterpreter
I didn't know shit about hacking, and this video give me so many insight how to do offensive hacking (metasploit, cve, the cve poc, etc). This is literally goldmine.
I recommend this channel to any software engineer trying to make sense the "hacking world".
I tried to watch LifeOverflow channel and most of the time, the content just went over my head because he mostly doing low level stuff.
This channel on the other hand, hits closer to home because I use linux daily, so I already familiar with it.
To sum up the things I've learned and needed to learn from this video: God bless you, John Hammond!!
Thanks for sharing real way of thinking instand of just showing off the answers eventhough you had already pawnd it. Supporting to you!
man i love your videos about ctfs, it's really inspiring and motivates me to keep going i like your dynamic of explaining the videos. and you also demystify the idea that to be a good hacker you have to be an elliot alderson
keep going
all the love in the world
Okay. I do not understand all of this YET. but this makes me excited to go deeper into it. Lol I can follow along and it actually makes sense to me 😂. Wow this is awesome. Subbed!
Me: Satisfying yt algo.
Also me: enjoying every minute watching JH.
The reaaaal realty hack! Awesome i love it ❤️🔥
There's that beautiful pea-head!
Just wow, it was awesome seen this in action!
Great job great tutorial so far i found about try hack mee series. Go ahead John
solving the machine was fun but infinite scrolling which i didn't knew and I now know was damn good
I really enjoy with you and ippsec. You guys are amazing. Like your voice man... See you around
Hi John, great job !
good content mate!! plz keep uploading such next level crazy stuff
No.. I understood a lot more than I thought I would ❤❤❤
Educational and entertaining. Excellent.
Oh yeah legend in action 😂😊 waiting John bro ☺️
John Hammond .... +1 You ROCK!!!!!!!!!
that sad moment when he forgets that "export TERM=xterm" allows him to clear screen from the shell
0days box was fun
🙏🙏🙏
I SEE YOU BOO
Ayeeeeee 🙏🙏
no idea what the fuck im watching but cool i want to do things now
19:04 who else checked their discord?
The next room is OWASP Juice Shop. It would by fun
thx good joooooooobbb🐯🐯🐯
29:55?
Green screen?
MORE! THE MOB DEMANDS MORE
Ryan and john big fan ♥️♥️
I have looked to see if you did a rust scan set up. Could you show how to set up rust scan on kali?
you were an inspiration to me to start a yt channel in my native language for OffSec and general comluter stuff
I Really love your energies ngl.
Big fan here haha could you maybe give me some tips on how to get better in cyber security? A beginner here haha.
Again big fan
Energy really comes from passion. Did you see his reaction when he got root ? That was a priceless expression that only comes out if you are passionate about what you are doing.
amazing dude
Why not use tab completion on files and folders in your terminal?
why does he prounounce room as rum or rim but not door as dur or dir
I'm wondering what is the music name n the end!
Fun fact: As you know linux sometimes dosen't let you to "do clear screen command".
Clear your terminal screen anytime using this guide.
Guide:
(1)Open terminal and click on 3 dots, then click on preference
(2)Then click on 'shortcuts' and then find option named 'reset and clear' option could be 'disabled'
(3)Click on "disabled" and enter a special key that you don't use in terminal.
(I suggest you use this key)"i am using ''END'' key".
And whenever you press that key it will clear terminal screen anywhere.
doesn't 'ctrl+L' work? always use it
edit: nvm, probably about the meterperter
@@camarada1996 Yes Exactly.
When terminal is doing something While processing previously given command, for instance "exploit" in metasploit.
You will first have to stop running "whatever" process with Ctrl + c and then you can use "Ctrl + L or clear" command to clear your screen.
With method which I wrote, by simply adding a shortcut In terminal you can clear the screen anytime.
Wow there's race to be 1st or 2nd didn't know that XD
Lots of fun
wait so what if spoofed the dhcp instead of targeting the service
Hi ,unfortunately my nikto is not showing any shellshock vulnerability, I could only know from your video ,so then in other cases /cgi-bin/test.cgi can be vulnerable then .If I see these somewhere I should try shellshock
I was using parrot os in there nikto doesnt show this vulnerabiltry
I had no idea Seth Rogan had this side to him
Hi John, I want to know is there a way to take priv esc without using kernel exploit on this box?
There was a recent bug in the sudo binary that was recently discovered that is supposed to be ~9 years old. That would probably work
anybody saw the irony that john himself couldn't find ssh2john XP.
John will you showcase HTB battlegrounds ?
Which os you are using ?
Linux Kali
31:24 nice nice thats why they pay me the big backs XD
That was cool
i love you so much sir
hey john while I try to upload the .c file I'm getting an error
"4: Operation failed: 1"
and I am using metasploit 6 . Anyone who reads it if he has the solution for this can help me It will be a great pleasure from my side. Please help me with this situation.
I hate when already solve it without us
I think some of the rooms take hours to solve. Couldn't really stream live for that long. Maybe John can answer this a little better.
@@mikeholmesdj maybe, but it would be awesome if he did
@@enadalotaibi8181 It would be truly awesome. I'm hoping his 1000th video is going to be something special for us all. He has done 998 at mo.
I'm a little late but I'm here
love you
love from India...........
What does WAAAAAAAK mean LMAO
Spoiler alert: 32:58
Dope
ssh2john is located on /usr/share/john/ssh2john ❤️
Dud, try Turtles? as the password? maybe??
I’m getting the ‘cc1’ error message you said you got before filming. Shame you wasn’t able to quickly show what you did to solve it. Made this challenge far too frustrating. I tried to watch your video as less as possible and do it on my own. I thought I was doing something wrong and you ended up using the same exact file as I did, so I knew I didn’t make a mistake. Clearly a bug. Just annoying :(
ssh2john, just like other john scripts is located at /usr/share/john/ssh2john.py
In spirit, metasploit is as much cheating as using google. If anything should be considered cheating or cheap, shouldn't it be linpeas? Because you should already know where to check for privesc vectors, whereas expecting you to know every exploit in every language is ridiculous.
hi
❤️
car . secret ahhahaaha
Hello,
my fifa21 Account got a transfermarket ban. Could you remove it with nmap or could you show me how i could remove it.
Greetings from Germany
msf5 1337
1st 😎😁
6th
2st
Im a 12th grade programming student and seeing this kinda overwhelms me lol
dont worry broda he is on a very different level, just chill and learn slowly
Sadly this has nearly nothing to do with programming. Just pen testing.
0th
USE TAB FFS typing filenames in full is anoying asf, type some of it then hit tab!!!! easy!!!!
Doesn't always work in your shell. You can see that he tried that a few times and had to go back and type the full file name. I do agree with your sentiment though. You get used to the autocomplete.