loved the root pwd overwrite technique!
"That's not how you drink drinks"
- John Hammond 2020
Excuse my language but who the FUCK disliked this upload? It's very upfront and showcases simplicity in privilege escalation. This video is very well done. Thanks John!
Great video again John!!! I didn't think about replacing the passwd file with our own. Cool solution!
Thanks John. This was helpful. We learn something new everyday with you.👍
The wget technique is awesome. I was struggling in CTF.Live in one of the very similar priv esc challenges but was missing the password generation technique. Great, I learned something new.. Thanks bro
I am SO glad I came across this video. I didn't want to just get the root flag, I wanted to actually root the machine, but couldn't figure out how. Thank you so much!
We love you man
Keep them coming
That moment when the cute peas appears is priceless! Great vid as always, thanks John.
You're amazing..keep on going!!!
God, I love this guy♥️
Thank you sir..Enjoyed Very Much
Bravo, master!
Learnt so much from this
loved that privesc technique, awesome stuff, as always :)
loved how you typed the words.. awesome technique
Amazing thank you
Awesome video again. Thanks.
Using export for variables in the terminal.... why have I not done this years ago! Thanks
Awesome as ever thanks!
Nice Job Sir
Please tell me your ring tone is the crescendo of the Jurassic Park theme song.
That was awesome watching you work kudos from Tea4Two
Congrats on 80k!
Very cool tbh, I would have never thought to change the password with your own that was very cool😂😂😍
What a great concept, love the vid:D
Great video John, learned something new today :)
Loved it alot
That was amazing !!
that was useful thanks john
This is what I am waiting for
Thank you. Probably I shouldn't allow anyone sudo without a password, especially with some sort of wildcard command.
very cool
that was actually tough, how long have you been doing this?
Linpeas ..👌
can you explain what that "nmap/initial" was that you did there with the other commands??
-oN/-oX/-oS/-oG : Output scan results in normal, XML, s|
"mkdir nmap/initial" makes a directory in the nmap folder called initial; if the nmap directory doesn't exist it creates one.
@mccoysebrell630 thanks
Do you have a video where you go over your note taking and subl?
Hi there. I recently came across this program and was wondering how to download saved reddit posts to my profile. Another way of saying this is: how do I download my saved reddit posts using wget?
yay John's gonna be on
Nice john
Why don't you use Wappalyzer?
I thought passwords were in /etc/shadow, but they can be in /etc/shadow too?
I can connect to the TryHackMe VPN and it shows connected, and I'm running just one openvpn process, but I can't access any of the machines I deploy. Even after 15 minutes. I can't even ping the machines. This has happened in 2 of the featured rooms so far. Does anyone else have this problem? What could I be doing wrong?
Are you using the openvpn client on Windows? If so, it's much simpler if you use it on Kali.
@jeromekim5856 I'm on Linux
Are you using Terminator? And if so, how did you make it so colorful when you do ls -la and other things? The background for my Terminator is completely black and I don't have any colors, only white for text, green for executable files and blue for my path. Also loved the video!
I laughed when you found the ssh private key in the site map directory. It was so easy, the machine was literally begging to be hacked. I enjoyed the wget priv esc, dope stuff. I'm wondering, what if you hosted a bash binary on a web server, downloaded it with wget, set the SUID flag on it and executed it? I guess that would work too.
So around @11:00 I notice the sudo cmd just goes through without any need for a password. It'd have been a lot easier to just type in 'sudo su' and gain root, then change passwords as you please..
For people who are confused:
This no-password sudo is just for specific commands.
What does he use to split terminals?
I can't find any access to sudo without password :(
guess my company's server is good enough
Again a veryyyyyyyy noice video :-)
thanks bossman :)
I like the way you ended the video :P
♥️
hey John, thanks for this vid: it seems like there was some reason why you had to run your made up password through python's crypt.crypt function, could you tell me why that is?
I'm not 100% sure, but I imagine it's to deal with a common authentication practice. Developers hash plaintext passwords before account creation, so they don't store passwords in the open. When you login, the password you type will get hashed and then compared to the stored hash. With that in mind, he needed to hash his password before storing it in the file to account for that.
Nick Carter is correct. Linux stores passwords hashed, so it's not going to be able to handle an unhashed password in /etc/passwd.
Where can I find the gobuster tool? Please tell me
apt search gobuster
Jerome Kim thanks dude, I appreciate it ❤️❤️
As a normal Linux user, I thought it was impossible to put hashes in /etc/passwd.
Turns out you just really shouldn't do that (that is, if you intend to have a secure system - obviously it makes sense to do it here).
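An added example, not from the video or from any commenter, that turns the two points above (the crypt.crypt thread, where the hash has to sit in the second field of /etc/passwd instead of the "x" placeholder, and the remark that you really shouldn't do that on a system you care about) into a defender's check. The passwd lines and the hash string are constructed for this example.

```python
# Added example (not from the video or the comment thread): audit /etc/passwd
# lines for the artefacts discussed above, a password hash placed in the second
# field instead of the "x" placeholder that defers to /etc/shadow, and extra
# UID-0 accounts. The sample lines and the hash string are constructed.

from dataclasses import dataclass

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
hacker:$6$constructedsalt$CONSTRUCTEDHASHVALUEFORTHISEXAMPLEONLY:0:0::/root:/bin/bash
john:x:1000:1000:john:/home/john:/bin/bash
"""

# Second-field values that are legitimate: "x" means "hash lives in /etc/shadow",
# "*", "!" and "!!" mean the account is locked.
PLACEHOLDERS = ("x", "*", "!", "!!")


@dataclass
class Finding:
    line_no: int
    user: str
    reason: str


def audit_passwd(text: str) -> list[Finding]:
    """Return findings for entries that carry a hash (or nothing) in the
    password field, and for non-root accounts that share root's UID 0."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(Finding(n, fields[0], "malformed entry (expected 7 fields)"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append(Finding(n, user, "empty password field (passwordless login)"))
        elif pw not in PLACEHOLDERS:
            findings.append(Finding(n, user, "password hash stored in /etc/passwd"))
        if uid == "0" and user != "root":
            findings.append(Finding(n, user, "non-root account with UID 0"))
    return findings


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f.line_no}: {f.user}: {f.reason}")
```

Pointing the function at a real /etc/passwd (read as text) gives the same kind of findings; a clean system returns an empty list.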
Seems kind of silly to have a password stored as its own text file. Nothing says 'I'M A PASSWORD' like a string of random characters on a pedestal within its own private folder. What if it was a second layer password? Meaning, if you use this one directly, you'll be taken somewhere else, but the real password had all the "E"s taken out. I know how primes work, yes. It would be tough to extract a prime from within a prime, but still, how much longer would the hacker waste trying to verify the password he just downloaded was legit or not, if it gave him access to something totally unrelated?
hey can anyone tell me how he splits his terminal like that? Terminator?
He assigns shortcut keys first in the terminal preferences...
I prefer to use tmux, but if you like to use Terminator, use it. There are ways to do that: right click on the window and it will show split vertical or horizontal.
You can also split in terminator by default with ctrl+shift+E and ctrl+shift+U if I recall correctly
@rattatteb Thanks, I'll check it out
There are a few programs out there that'll do that, I use tmux
Can you please tell me how you can resize your tmux windows?
I use Terminator, and I can resize them with Ctrl+Shift+ and the directional arrow key I want them to move in. You can do this with tmux with Ctrl+B (or your configured hotkey) and the same keystrokes, I believe. Thanks so much for watching!
@_JohnHammond okk thanks. No, thank you for making this awesome content! Upload more, we are waiting 😁
I feel like I will never learn hacking even if it was my dream when I was a kid
Don't give up so easily man, try doing a lot of tryhackme rooms and you will see how quickly you can learn stuff.
@jelluh24 thanks man, I am now, and I try to do some rooms and take notes and am learning with other friends now
@KIRANIUMR3D4 And? Are you still learning? How far did you come?
@Juliana-mo7ef I became better. It became clear to me that hacking is about learning every day and never quitting
I'm new to all this and was wondering how you install Kali Linux
The TryHackMe website offers you (through a paid subscription) a Kali Linux virtual machine so you don't have to install it.
You download the .iso from their website and burn it to a disk or a USB.
kinda neat to (nikto)
Thing, enter
John this is bad.
I came here to see how to stabilize a shell.
Bro it turns out he uploaded the script to his GitHub page. You can find it here ... github.com/JohnHammond/poor-mans-pentest/blob/master/stabilize_shell.sh
In EU the load times are much faster :/
I should go switch to the new US OpenVPN server!
Ninja
You look like burger planet
I lost it at plzsub, so i had to sub
Instead of making a 15 min video acting surprised at your scan results, just make a recording of you actually solving the puzzle. Your train of thought, seeing what doesn't work and rabbit holes are a part of the CTF process. And since you don't break down what you are actually doing or how you learned such techniques, this comes across gross.