TryHackMe! Wget for Privilege Escalation

  • Published on 23 Dec 2024

Comments • 99

  • @heyarvee 4 years ago +50

    loved the root pwd overwrite technique!

  • @itskarudo 4 years ago +70

    "That's not how you drink drinks"
    - john hammond 2020

  • @cscogin22 4 years ago +14

    Excuse my language but who the FUCK disliked this upload, it's very upfront and showcases simplicity in privilege escalation. This video is very well done. Thanks John!

  • @PC-fe1pf 4 years ago +5

    Great video again John!!! I didn't think about replacing the passwd file with our own. Cool solution!

  • @nightwatch4705 4 years ago +5

    Thanks John. This was helpful. We learn something new every day with you.👍

  • @mi2has 4 years ago +3

    wget technique is awesome, i was struggling in CTF.Live in one of very similar priv esc challenges but missing password generation technique, great i learned something new.. Thanks bro

  • @10oneluv10 2 years ago

    I am SO glad I came across this video. I didn't want to just get the root flag, I wanted to actually root the machine, but couldn't figure out how. Thank you so much!

  • @arjunbk5825 4 years ago +1

    We love you man
    Keep them coming

  • @kyriefs7670 4 years ago +1

    That moment when the cute peas appears is priceless! Great vid as always, thanks John.

  • @gigi123-hp3 9 months ago

    You're amazing..keep on going!!!

  • @luigiluiginski1278 4 years ago +2

    God, I love this guy♥️

  • @kr4k3nn 4 years ago

    Thank you sir..Enjoyed Very Much

  • @alexanderb6353 4 years ago

    Bravo, master!

  • @blorb112 1 year ago

    Learnt so much from this

  • @D3fconNull 4 years ago +2

    loved that privesc technique, awesome stuff, as always :)

  • @jaypatterson7958 4 years ago

    loved how to typed the words..awesome technique

  • @orgozlan323 4 years ago

    Amazing thank you

  • @Vagelis_Prokopiou 4 years ago

    Awesome video again. Thanks.

  • @haigis 2 years ago

    Using export for variables in the terminal.... why have I not done this years ago! Thanks

  • @curtishoughton9347 4 years ago

    Awesome as ever thanks!

  • @2ubZ3r0 2 years ago

    Nice Job Sir

  • @Anon0nline 2 years ago

    Please tell me your ring tone is the crescendo of the Jurassic Park theme song.

  • @Yippy-o1j 9 months ago

    That was awesome watching you work kudos from Tea4Two

  • @staksior9261 4 years ago

    Congrats on 80k!

  • @neilthomas5026 4 years ago +1

    Very cool tbh, I would have never thought to change the password with your own that was very cool😂😂😍

  • @was3490 4 years ago

    What a great concept, love the vid:D

  • @MD4564 4 years ago

    Great video John, learned something new today :)

  • @kennedygreat1524 3 years ago

    Loved it a lot

  • @ruchit8762 4 years ago

    That was amazing !!

  • @conansainshy4445 4 years ago

    that was useful thanks john

  • @mmarsyad 4 years ago

    This is what I am waiting for

  • @Sam_Body 4 years ago

    Thank you. Probably I shouldn't allow anyone sudo without password especially with sort of wildcard command.

  • @amala2640 2 years ago

    very cool

  • @acbghost4411 4 years ago +7

    that was actually tuff how long have you been doing this

  • @arjunpeter9614 4 years ago

    Linpeas ..👌

  • @gauravparwani400 4 years ago +3

    can you explain what was that "nmap/initial" you did there with other commands ??

    • @victorfritsch3530 4 years ago

      -oN/-oX/-oS/-oG : Output scan results in normal, XML, s|

    • @mccoysebrell630 4 years ago +1

      " Mkdir nmap/initial " makes a directory in the nmap folder called initial if nmap directory doesn't exist it creates one.

    • @gauravparwani400 4 years ago +1

      @mccoysebrell630 thanks

  • @washingtonboy1986 2 years ago

    Do you have a video where you go over your note taking and subl?

  • @whitenova505 3 years ago

    Hi there. I recently came across this program and was wondering how to download saved reddit posts to my profile. Another way of saying this is: how do I download my saved reddit posts using wget?

  • @zerosploit 4 years ago

    yay johns guna be on

  • @0xR00t 1 year ago

    Nice john

  • @matheusBBarni 4 years ago

    Why don't you use wappalyzer?

  • @pierregr8620 3 years ago

    I thought passwords were in /etc/shadow but it can be in /etc/shadow too ?

  • @parabolicpanorama 4 years ago

    I can connect to the tryhackme VPN and it shows connected, and I'm running just one openvpn process, but I can't access any of the machines I deploy. Even after 15 minutes. I can't even ping the machines. This has happened in 2 of the featured rooms so far. Does anyone else have this problem? What could I be doing wrong

    • @jeromekim5856 4 years ago

      are you using the openvpn client on windows? if so it's much simpler if you use it on kali

    • @parabolicpanorama 4 years ago

      @jeromekim5856 I'm on Linux

  • @josephschady1728 4 years ago

    are you using terminator? and if so how did you make it so colorful when you do ls -la and other things. the background for my terminator is completely black and I don't have any colors only white for text, green for executable files and blue for my path, also loved the video!

  • @georgegreen9145 4 years ago

    I laughed when you found the ssh private key in the site map directory. It was so easy, the machine was literally begging to be hacked. I enjoyed the wget priv esc, dope stuff. I'm wondering, what if you hosted a bash binary on a web server, downloaded it with wget, set the SUID flag on it and executed it. I guess that would too.

  • @kevinalexander4959 4 years ago

    so around @11:00 I notice sudo cmd just goes through without any need for a password. It'd been a lot easier to just type in 'sudo su' and gain root then change passwords as please..

    • @codermomo1792 6 months ago

      For people who are confused
      This no password is just for specific commands

  • @omegaexcel3496 4 years ago

    What does he use to split terminals?

  • @glowiever 2 years ago

    I can't find any access to sudo without password :(
    guess my company's server is good enough

  • @annafan83 4 years ago

    Again a veryyyyyyyy noice video :-)

  • @jeromekim5856 4 years ago

    thanks bossman :)

  • @jimmy5533 4 years ago

    I like the way you ended the video :P

  • @ca7986 4 years ago

    ♥️

  • @davidleitman 3 years ago

    hey John, thanks for this vid: it seems like there was some reason why you had to run your made up password through python's crypt.crypt function, could you tell me why that is?

    • @nickcarter7063 3 years ago

      I'm not 100% sure, but I imagine it's to deal with a common authentication practice. Developers hash plaintext passwords before account creation, so they don't store passwords in the open. When you login, the password you type will get hashed and then compared to the stored hash. With that in mind, he needed to hash his password before storing it in the file to account for that.

    • @EverettWilson 3 years ago +1

      Nick Carter is correct. Linux stores passwords hashed, so it's not going to be able to handle an unhashed password in /etc/passwd.

  • @different2154 4 years ago

    Where i can find gobuster tool please tell me

    • @jeromekim5856 4 years ago

      apt search gobuster

    • @different2154 4 years ago

      Jerome Kim thanks dude i appreciate it ❤️❤️

  • @nonnymoose7005 4 years ago

    as a normal linux user, I thought it was impossible to put hashes in /etc/passwd
    turns out you just really shouldn't do that (that is, if you intend to have a secure system - obviously it makes sense to do it here)
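
Added example (not from the video or from any commenter): the replies above note that Linux expects a hashed value in the password field and that a hash can sit in /etc/passwd even though it should not. This Python script audits passwd(5)-format text for that condition from the defender's side; the sample entries and function names are constructed for illustration.

```python
"""Audit passwd(5)-format text for credentials kept in the world-readable file."""

# Constructed sample: "root" carries a crypt(3)-style string in field 2 instead
# of "x", "backdoor" is a second UID 0 account, "alice" has an empty field.
SAMPLE_PASSWD = """\
root:$6$examplesalt$CONSTRUCTEDHASHVALUEFORDEMO:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backdoor:x:0:0::/root:/bin/bash
alice::1000:1000:Alice:/home/alice:/bin/bash
broken line without enough fields
"""


def classify_password_field(field):
    """Say what the second passwd field means for authentication."""
    if field == "x":
        return "shadowed"      # real hash lives in /etc/shadow
    if field == "":
        return "empty"         # no password required
    if field.startswith(("*", "!")):
        return "locked"        # can never match a crypt(3) result
    return "inline-hash"       # hash is used straight from this file


def audit_passwd(text):
    """Return (line number, account, issue) tuples for risky entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, None, "malformed entry"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        kind = classify_password_field(pw)
        if kind == "inline-hash":
            findings.append((lineno, name, "password hash stored in passwd file"))
        elif kind == "empty":
            findings.append((lineno, name, "empty password field"))
        if uid == "0" and name != "root":
            findings.append((lineno, name, "non-root account with UID 0"))
    return findings


if __name__ == "__main__":
    for lineno, name, issue in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {name or '?'}: {issue}")
```

Run against the real file with `audit_passwd(open("/etc/passwd").read())`; on a healthy system it returns an empty list.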

  • @madDragon08 4 years ago

    Seems kind of silly to have a password stored as its own text file. Nothing says 'I'M A PASSWORD' like a string of random characters on a pedestal within its own private folder. What if, it was a second layer password? Meaning, if you use this one directly, you'll be taken somewhere else, but the real password had all the "E"s taken out. I know how primes work yes. It would be tough to extract a prime from within a prime, but still, how much longer would the hacker waste trying to verify the password he just downloaded was legit or not, if it gave him access to something totally unrelated?

  • @Sandesh98147 4 years ago

    hey can anyone tell me how he splits his terminal like that? terminator?

    • @cocosloan3748 4 years ago +1

      He assign a shortcut keys first in terminal preferences...

    • @tecnolinux1469 4 years ago

      i will prefer to use tmux but if you like to use terminator use it but there is ways to do that right click on window it will show split vertical or horizontal

    • @rattatteb 4 years ago +2

      You can also split in terminator by default with ctrl+shift+E and ctrl+shift+U if I recall correctly

    • @Sandesh98147 4 years ago

      @rattatteb Thanks I'll check it out

    • @kevinalexander4959 4 years ago +1

      there's a few programs out there that'll do that, i use: tmux

  • @robinhood3841 4 years ago

    Can you please tell me how you can resize your tmux windows ?

    • @_JohnHammond 4 years ago +2

      I use Terminator, and I can resize them with Ctrl+Shift+and the directional arrow key I want them to move in. You can do this with Tmux with Ctrl+B (or your configured hotkey) and the same keystrokes, I believe. Thanks so much for watching!

    • @robinhood3841 4 years ago

      @_JohnHammond okk thanks, No thank you for making these awesome contents!, upload more we are waiting 😁

  • @KIRANIUMR3D4 4 years ago +5

    I feel like i will never learn hacking even its my dream when i was a kid

    • @jelluh24 4 years ago +4

      Don't give up so easily man, try doing a lot of tryhackme rooms and you will see how quickly you can learn stuff.

    • @KIRANIUMR3D4 4 years ago +1

      @jelluh24 thanks man i am now and i try to do some rooms and take notes and am learning with other friends now

    • @Juliana-mo7ef 3 years ago +2

      @KIRANIUMR3D4 And? Are you still learning? How far did you come?

    • @KIRANIUMR3D4 3 years ago +1

      @Juliana-mo7ef i became better it became clear to me that hacking is about learning every day and never quit

  • @Kaden407 4 years ago

    Im new to all this and was wondering how you install kali linux

    • @cristhianz91 4 years ago

      Try hack me web offers you (through paid subscription) a kali linux virtual machine so you dont have to install it.

    • @ZombeeStar 4 years ago

      you download the .iso from their website and burn it to a disk or a usb

  • @דןבוגנים 4 years ago +1

    kinda neat to (nikto)

  • @deansundquist9601 4 years ago

    Thing, enter

  • @thecaretaker0007 4 years ago +1

    John this is bad.
    I came here to see, How to stabilize shell.

    • @PC-fe1pf 4 years ago

      Bro it turns out he uploaded the script to his github page. You can find it here ... github.com/JohnHammond/poor-mans-pentest/blob/master/stabilize_shell.sh

  • @Ropex 4 years ago +2

    In EU the load times are much faster :/

    • @_JohnHammond 4 years ago +2

      I should go switch to the new US OpenVPN server!

  • @BobbyGreentree 8 months ago

    Ninja

  • @EthanB347 2 years ago

    You look like burger planet

  • @FutureFlash 4 years ago

  • @weemanjr1100 4 years ago

    I lost it at plzsub, so i had to sub

  • @ninja45036 4 years ago

    Instead of making a 15 min video acting surprised on your scan results, just make recording of you actually solving the puzzle. Your train of thought, seeing what doesn't work and rabbit holes are a part of the CTF process. And since you don't break down what you are actually doing or how you learned such techniques this comes across gross.
