Love the content dude! In a week I've gone from knowing nothing about hacking, very little about networking or scripting and not a huge deal about computers to successfully completing 2 HTB boxes using what I've learnt here! No walkthroughs! Keep up the great work, you're single handedly teaching me penetration testing!
I love how long it takes you to find the tomcat users file, when it was written at the bottom of the :8080 page at all times, you just never got around to reading the last paragraph.
I often like to test path traversal for file=statement by using something like file=statement/../statement since if it actually is path traversal, then the path would be simplified to file=statement, which exists and returns a result ;)
Hey John, would you consider a video walking us through your setup? It would be for other people that aren't running Kali that want to emulate your work flow. Things like install locations for apps and scripts (I see a lot of them in opt but I'm new to Linux and assume there would be some changes you'd have to make to permissions for that to work smoothly), essential tools, folder structuring, services you have either bookmarked or committed to memory (like gtfobins), the shortcuts you use in sublime, and what terminal multiplexer you use (and shortcuts for that)
fun to see the box I just finished :D (My first thing like this ever xD) also learned now some things thatI could have automated :) For example the fuzzing I did manually. And I never checked the admin vhost thingy. and I didnt use metasploit. a regular curl does the trick. Also should have used pwncat. that will help next time :D
No, he just overused to to make sure that he'd eventually get to the root. you can repeat ../ 100 times, it will take you to the root even if you are only two folders deep from root.
Good day John, I am new to the cyber field, I recently started the ceh course and your videos really help with the practical part. Thank you for making such great videos! I beg you, please could you make a video explaining how to make a wordlist for brute forcing passwords, is there a way to make a giant wordlist with all leaked passwords or how do you go about obtaining your word list for all your various projects.
Using wfuzz against an LFI is such an innovative idea but use the flags for filtering 😂. My OCD was triggered. Going to try the same with Feroxbuster tomorrow morning as with recursiveness and syntax I'm curious if it can LFI from a few directories above. On a side note, any update on paramiko for pwncat? Love the tool and want to use it in my standard environment without needing to go virtual env route.
When doing an LFI (local file inclusion) adding ../ allows you to go back a directory (in cases where you don't need a more advanced method or WAF bypass); in his case he is just adding in a bunch as eventually you get to the TLD 'root' directory of the Ubuntu machine and can't go 'up' any further. HackTrickz has a good overview of LFI.
hey John i want to ask about your experience and your opinion using Kali on WLS2, is it worthy for beginner level and people who had limited resources on their computer?
Wow, great. Please help?? -] Exploit aborted due to failure: not-found: The target server fingerprint " ( 401-Basic realm="Tomcat Manager Application" )" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check. [*] Exploit completed, but no session was created. I literally did everything the same... :(
Also later on de video he looks for the users.xml location on internet. John! you have the correct path down on the bottom, why don't you finish reading the page?
I don't get people calling people script kiddies just for using useful tools its dum btw i would say a script kiddie is someone that know nothing about coding or using the cool or good tools properly that's like calling a plumber that uses his tools a bad plumber
man you are very talented indeed. could you teach me some important stuff when you free? I'm a hacker too man but in my country I don't have a good mentor.. could you be my mentor?
Love the videos. It would be interesting if TryHackMe or other sites would allow Red vs Blue team. Defenders could access tools like ELK and other tools to monitor and act.
This is much better than Netflix
Ya. I always go for one of these videos first.
100% agree
Honestly ✨
F*c*i*g Trueeeee
The correct response. 🎉
Love the content dude! In a week I've gone from knowing nothing about hacking, very little about networking or scripting and not a huge deal about computers to successfully completing 2 HTB boxes using what I've learnt here! No walkthroughs!
Keep up the great work, you're single handedly teaching me penetration testing!
you had me on the edge of my seat when you didn't think to view the tomcat user file with the file inclusion. best content ever
Loved the wfuzz idea. ippsec also had trouble finding the exact path so you're in good company
I love how long it takes you to find the tomcat users file, when it was written at the bottom of the :8080 page at all times, you just never got around to reading the last paragraph.
Thank you for the awesome content. I find it very inspirational. :)
Thanks for the video, John.
I often like to test path traversal for file=statement by using something like file=statement/../statement since if it actually is path traversal, then the path would be simplified to file=statement, which exists and returns a result ;)
Awesome stuff man. Keep it up. Would like to see some more advanced techniques on harder challenges.
Awesome content. Thanks for all the hard work.
you are the genuine ONE🥃
Just like always you are the best bro.... Whenever there is a htb box release watch both your video and ippsec video....
learning something new everyday from your videos 😁😁
Awesome, as always!
(18:34) - docker container, look for same version of Tomcat and locate the conf file.
(26:48)- Metasploit
(28:22)- Pwncat
(31:31)- fcrackzip
These videos are amazing ,great work
Thanks John!
wfuzz part was cool... and pwncat gotta admit it's awesome.
excellent john!!
This should be good! Thanks JH, keep them coming, good Sir!!
I learned a lot from you,... thanks sir
Awesome video, can you do some more Hack The Box machines?
I just passed the eJPT and im starting the PWK for OSCP
Great . Thanks
Hey John, would you consider a video walking us through your setup? It would be for other people that aren't running Kali that want to emulate your work flow.
Things like install locations for apps and scripts (I see a lot of them in opt but I'm new to Linux and assume there would be some changes you'd have to make to permissions for that to work smoothly), essential tools, folder structuring, services you have either bookmarked or committed to memory (like gtfobins), the shortcuts you use in sublime, and what terminal multiplexer you use (and shortcuts for that)
also if you didnt notice at the bottom on the page for tomcat in the NOTES is shows the directory for the tomcat-users is located
TXT files is preparation for IAS, ssh is complicated fan page.
Comment Box style modes.
Collecting connection/cat files
fun to see the box I just finished :D (My first thing like this ever xD)
also learned now some things thatI could have automated :) For example the fuzzing I did manually. And I never checked the admin vhost thingy. and I didnt use metasploit. a regular curl does the trick. Also should have used pwncat. that will help next time :D
So that's how you tell it to use the hostname and associate it with the IP!! Thanks!!
The fastest exit of VIM I've ever seen. :D
Awesome Content!
Shouting at my screen: read the last paragraph of the tomcat default page...
I love this guy I've been following you for awhile love u
this is true entertainment
apparently this thing requires more patience than I thought.
anything that has to do with computing that is above gaming usually does
Damn read the last line!!
You actually don't need to use the ../ Php will accept absolute paths so you can just do /etc/passwd from anywhere for example
The most shocking for me is how complex is hacking framework(s)
Am I missing something or did you not spot the line at the bottom of the document mentioning the /etc/ path to the xml?
he knows exactly how many ../ to add to go to etc/
thats awesome
No, he just overused to to make sure that he'd eventually get to the root. you can repeat ../ 100 times, it will take you to the root even if you are only two folders deep from root.
@@RocketLR ohhh
Good day John, I am new to the cyber field, I recently started the ceh course and your videos really help with the practical part. Thank you for making such great videos!
I beg you, please could you make a video explaining how to make a wordlist for brute forcing passwords, is there a way to make a giant wordlist with all leaked passwords or how do you go about obtaining your word list for all your various projects.
GOod.. continue..
Ohhh missed the starting gona watch when the video is done
Using wfuzz against an LFI is such an innovative idea but use the flags for filtering 😂. My OCD was triggered. Going to try the same with Feroxbuster tomorrow morning as with recursiveness and syntax I'm curious if it can LFI from a few directories above.
On a side note, any update on paramiko for pwncat? Love the tool and want to use it in my standard environment without needing to go virtual env route.
great video! :)
Great Video! Around 10:15, how do you know how many steps you gotta go back with ../ , was it a specific amount?
cd .. in / takes you to / as you are in the root directory already. So just adding enough ../ does it
When doing an LFI (local file inclusion) adding ../ allows you to go back a directory (in cases where you don't need a more advanced method or WAF bypass); in his case he is just adding in a bunch as eventually you get to the TLD 'root' directory of the Ubuntu machine and can't go 'up' any further. HackTrickz has a good overview of LFI.
@@ChrisSoehnlein Thank you! Now I get it
do some more hackthebox walkthroughs
John what is your OS
Aside from personal performance, any good reason for choosing Ubuntu over for instance, Debian, Arch, etc?
hey John i want to ask about your experience and your opinion using Kali on WLS2, is it worthy for beginner level and people who had limited resources on their computer?
💯
This would have taken me 45 days :P so 45min is pretty good i would say lol.
So sad... And they had just updated their security xD
Vrey Cool Vid :)
Getting user was kind of similar to "Jerry"
Man, I love watching you smash that hosts :).
Isn't that vulnerability called "directory traversal" rather than "local file inclusion"? You can't really include files seems to me :P
Having worked with tomcat it always bothered me that credentials were stored in plaintext in xml files. This video is giving me anxiety.
2 videos on this tabby
Wow, great. Please help?? -] Exploit aborted due to failure: not-found: The target server fingerprint " ( 401-Basic realm="Tomcat Manager Application" )" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check.
[*] Exploit completed, but no session was created.
I literally did everything the same... :(
I missed the live premiere : (
Elements Coming for this answer in elements is looking files prepare
♥️
What terminal do you use ? If anyone know i'm really interested . Thanks
Looks similar to Tilix
I was like, ok you have the path of the tomcat user config and a way to view it, why the hell are you looking for default users?
Also later on de video he looks for the users.xml location on internet. John! you have the correct path down on the bottom, why don't you finish reading the page?
is this ubuntu os?
i could not get any info from nmap scan why is that
I don't get people calling people script kiddies just for using useful tools its dum btw i would say a script kiddie is someone that know nothing about coding or using the cool or good tools properly
that's like calling a plumber that uses his tools a bad plumber
What are you exploiting I'm very curious
Algo
Sir im in very bad situation i need one help from you pls reply me
Wc~c how to use
Sir i need help from you pls reply me
man you are very talented indeed. could you teach me some important stuff when you free? I'm a hacker too man but in my country I don't have a good mentor.. could you be my mentor?
Love the videos. It would be interesting if TryHackMe or other sites would allow Red vs Blue team. Defenders could access tools like ELK and other tools to monitor and act.
That’s king of the hill