Was nice to watch you going through it finding your way instead of a perfect and fully edited video. Much more interesting to see your real thought process and where you get stuck and how you solve it!
Love those kind of your long videos more than short videos bcoz there are more information, techniques and more things to learn from you, how you went through is amazing.
Very nice work as a student currently finishing a degree in cyber security and digital forensics my passion is pen testing can't get enough of it ! Really helpful you have a great mind set for a pen tester which separates us security fanatics from general IT. Keep up the good work. From 🇮🇪🇮🇪
DUDE!!! This was awesome how you showed and how you think on getting the flags. I been trying to learn on how to CTF for a while but didn't know where to start or what I should be learning. Keep up the good work, and you should do something like pentesting 101 basic, to advance. Where to start and move on from there. I think a lot of people would benefit from it. Even tho you think you did mistakes it's good to show them that way regular users understand the mistakes and the different tools and command it takes to learn. Great job once again. Look forward on following the channel and learning my first steps in pen-testing.
Amazing stuff man! I've really enjoyed watching the two videos, they were really educational and I've learned a lot! A little suggestion is that it would be even better if you could explain more what you do and why you do it
upgrading the reserve shell python -c 'import pty; pty.spawn("/bin/bash")' instead of >>>>>>>>>>>>>>> python -c 'import pty; pty.spawn("/bin/sh")' i guess that's why i wasn't working. Thanks Alex for the tutorial i really wanted to see the exploit with metasploit.
Hey Alexis, nice video up there just plz make a video on elaborating those python you imported to find shell, the post method you used in hydra and the find command you used to get id's of users. The video was great again, Thank you
I have one question: while getting access to key 2 of 3 you logged in as SU, and you couldn’t access root. Then you logged in again as SU but from Nmap, and it worked. Why it didn’t work without nmap while you were logged in as “robot”?
I dont know how relevant your question still is, but the nmap binary is owned by root and also has the suid permission bit. He was able to use nmap's interactive mode to spawn an elevated shell with the command "!sh". Take a look at this link. pentestlab.blog/category/privilege-escalation/
Does your terminal not do tab completion or command history navigation because you seem to be doing a lot of manual re-typing which chews up a lot of your efficiency.
Your metasploit did not work because your router had blocked port forwarding. Either you open the ports Manully or you can use payload like bind_tcp or something.. i came accross the same problem and i fixed in this way and did the whole process using metasploit
Nice tutorials as usual, I'm wondering about this Parrot OS that you using on this video is it installed on VM or you installed it as a main system and also your Kali lInux you use them as host machine or main OS? because they run very smoothly ... i have Macbook pro 2017 and i'm installing Kali on VMware fusion and is not running as fast as yours Thanks!
Nice, but one thing, when I tried installed Kali on dual boot alongside with MacBook Pro I can’t use the keyboard or the trackpad but I can use external mouse and keyboard. Is there anyway to use built-in mouse and trackpad on Mac with Kali Linux?
The command he used before lists all the programs on the server that run automatically as root. For example ‘passwd’. That needs to run as root in order to change the hash values in the system files to change the users password. He noticed nmap was in there. Because nmap has a feature to spawn a shell, if you decide to run nmap, it automatically runs as root, then when you spawn a shell from nmap, it spawns the shell as root because that’s what it’s running on. That’s how he was able to gain root access.
Great video! Im stuck at: 4:00 I cant get any response from reverse shell. It just keeps listening and no results when I do curl command :S Can anyone help me out ?
how did you know you had to go to /root ? and how can you possibly know all the commands with correct arguments after a year? especially the python one? and i have many more questions... sorry i am sceptical. did you really do this on first try? ;)
Hi, it worked for me last year, but now when i tried to follow the walthrough (as i'm very weak) it just throws me a blank white page when i try to hit 404.php, tried curl as well as in browser, vm is fine and robot.ova is also running fine but still having trouble...
Stop apologizing, man! :D You're fine! Thanks for the videos.
Loved how excited you got when you would find a key! I can’t wait to watch you do another CTF. Keep up the awesome vids.
I got a little bit too exited
@@HackerSploit its ok bro😊
I think ur trial and error method with wide explanation is absolutely perfect for our learning. Keep making lots of ctf video plz. God bless u.
I don't usually watch long vids but this one was pretty interesting. Kept me hooked throughout.
PS. not hacker. I know pretty much nothin about it.
Same.
they're not bad on 1.5 or faster speed
Oh man!! When you say hope you find value in this video...you know these videos are unique and much more informative. Thank you
Was nice to watch you going through it finding your way instead of a perfect and fully edited video. Much more interesting to see your real thought process and where you get stuck and how you solve it!
Love those kind of your long videos more than short videos bcoz there are more information, techniques and more things to learn from you, how you went through is amazing.
Thank you man - you're vid let us feel the frustration probably unintentionally helpful, at least for me
Watched all start to finish. Another great video this one was super fun!!😀
Very nice work as a student currently finishing a degree in cyber security and digital forensics my passion is pen testing can't get enough of it ! Really helpful you have a great mind set for a pen tester which separates us security fanatics from general IT. Keep up the good work. From 🇮🇪🇮🇪
DUDE!!! This was awesome how you showed and how you think on getting the flags. I been trying to learn on how to CTF for a while but didn't know where to start or what I should be learning. Keep up the good work, and you should do something like pentesting 101 basic, to advance. Where to start and move on from there. I think a lot of people would benefit from it. Even tho you think you did mistakes it's good to show them that way regular users understand the mistakes and the different tools and command it takes to learn.
Great job once again. Look forward on following the channel and learning my first steps in pen-testing.
hsploit, still watching; you got this bro
Thanks mate!
This was so awesome!! thank you for taking the time to walk through this!
Always a good teacher you are. I wish i could come there as a intern to work with you. Also, you need to hold your horses while typing man.
This series is really great, I wanna see more like this, u rock man :)
Lots of educational material here. Excellent, thank you.
this has been such an enjoyable series. like a video game for big boys lol
Your so entertaining to watch I love it, I subbed :)
I thank you for sharing your knowledge. Best greetings from Germany.
Really bro your videos are awesome explained very properly throught good job keep it up and thank you bro God bless you
It's a great learning fr us. Tnx for the series
Really good stuff man learned a lot thank you.
Amazing stuff man! I've really enjoyed watching the two videos, they were really educational and I've learned a lot! A little suggestion is that it would be even better if you could explain more what you do and why you do it
Great series! I waiting for metasploitable 1 & 2 & 3
Really enjoyed this :-)
Hsploit, i love watching you hack, lulz, you ROCK dude!
Thanks mate, and thank you very much for your support. You have been a long time sub and a great help. It is much appreciated
Nice stuff! I’d love to see more CTF’s.
Man u r awesome...Thank you so much for such great content :))
Great video from a great guy ! Gracias
Not to send any mixed signals or something but his voice is amazing
Especially when he was saying "please give me the hash man" LOL
Excellent. Thank you!
upgrading the reserve shell
python -c 'import pty; pty.spawn("/bin/bash")'
instead of >>>>>>>>>>>>>>> python -c 'import pty; pty.spawn("/bin/sh")' i guess that's why i wasn't working.
Thanks Alex for the tutorial i really wanted to see the exploit with metasploit.
I loving it ❤❤❤❤❤❤✌..
Thanks man. You are great.
讲的太好了~👍
Its amazing thanks dude😅
owsome man 😎 in meterpeter, you was bad at SET RPORT
Hey Alexis, nice video up there just plz make a video on elaborating those python you imported to find shell, the post method you used in hydra and the find command you used to get id's of users. The video was great again, Thank you
Nice ☺️👍
Peace dude.. its really awesome
Well done very nice video.. :)
Good Dude
I simple terms ur awsome
I have one question: while getting access to key 2 of 3 you logged in as SU, and you couldn’t access root. Then you logged in again as SU but from Nmap, and it worked. Why it didn’t work without nmap while you were logged in as “robot”?
I dont know how relevant your question still is, but the nmap binary is owned by root and also has the suid permission bit. He was able to use nmap's interactive mode to spawn an elevated shell with the command "!sh". Take a look at this link.
pentestlab.blog/category/privilege-escalation/
Legends like me first solve the room and then watching the MR. ROBOT 😂
Nice 👌🏻
wew grate video serius...
can you make a video how to scanning nmap with scripts
Does your terminal not do tab completion or command history navigation because you seem to be doing a lot of manual re-typing which chews up a lot of your efficiency.
well done!!! :-)
Wow men you great
no, the second key does not "require root". do an "ls -lah" to show permissions and enumerate more thoroughly.
also, "export TERM=vt102" or some other valid terminal after doing the python tty thing you did.
thanks bro
Your metasploit did not work because your router had blocked port forwarding. Either you open the ports Manully or you can use payload like bind_tcp or something.. i came accross the same problem and i fixed in this way and did the whole process using metasploit
Nice tutorials as usual,
I'm wondering about this Parrot OS that you using on this video is it installed on VM or you installed it as a main system
and also your Kali lInux you use them as host machine or main OS? because they run very smoothly ...
i have Macbook pro 2017 and i'm installing Kali on VMware fusion and is not running as fast as yours
Thanks!
I installed it on my main machine.
Nice, but one thing, when I tried installed Kali on dual boot alongside with MacBook Pro I can’t use the keyboard or the trackpad but I can use external mouse and keyboard. Is there anyway to use built-in mouse and trackpad on Mac with Kali Linux?
¡¡Excelente!!
How did he go from user robot to root access? Just by going into nmap interactive and opening a shell?
There's an exploit in nmap where we can get root access.. What he did was what it actually was.. a popular escalation privilege exploit
The command he used before lists all the programs on the server that run automatically as root. For example ‘passwd’. That needs to run as root in order to change the hash values in the system files to change the users password. He noticed nmap was in there. Because nmap has a feature to spawn a shell, if you decide to run nmap, it automatically runs as root, then when you spawn a shell from nmap, it spawns the shell as root because that’s what it’s running on. That’s how he was able to gain root access.
thank youuuu
Great video! Im stuck at: 4:00 I cant get any response from reverse shell. It just keeps listening and no results when I do curl command :S Can anyone help me out ?
check your ip and port number, make sure that you have given the tun0 ip in the php code, i made the same mistake later corrected it
Python part is interesting
maybe you could use ctrl c or ctrl z ..etc. to come out of current running process without killing the applicaton.
It is running as daemon, so it will close the connection, not exit.
YESSSS!!!
Hes the man..
how did you know you had to go to /root ? and how can you possibly know all the commands with correct arguments after a year? especially the python one? and i have many more questions... sorry i am sceptical. did you really do this on first try? ;)
oh and the big giveaway was the "find / -perm..." at 11:30. seemed like you didn't really understand what you were doing. am i wrong? o.O
I think metasploit failed bcz you didn't set lport and lhost bcz you wanted reverse shell and you need those 2 to bind it
Why does the final step of summoning sh works, but if i run a bash shell i have no root permissions??
Hi, it worked for me last year, but now when i tried to follow the walthrough (as i'm very weak) it just throws me a blank white page when i try to hit 404.php,
tried curl as well as in browser, vm is fine and robot.ova is also running fine but still having trouble...
More video pls .........sir
Great tutorial man but i cannot get the reverse shell to work. I keep getting connection refused and i have tried both the archives and php files.
Your CTF video awesome. Make one more video from hackerbox.eu many beginner have no idea how to interact with that website and how to use it.
I get the answer su: must be run from a terminal, why do you think that might be?
After I copied the reverse shell into the editor and updated it the site do not function anymore... like I can't connect to it. PLEASE HELP!
Well... I ran dirb and found a license(200) and surprisingly i found the user elliot and the password... I was saved the brute force.... 😁..
:) Nice one!
What linux os is that ?
Please Upload More CTF
it just Waooooooooo.........
Curl is not working
as you mention in the video ??
Upload reverse php in archives.php instead 404.php
It will work
@@ENGCY-Mir yes i uploaded but how to execute. if write after ip its display all the payloads in browser
please please make a video on temple of doom from vulnhub
Hi sir what happened to SS7 exploit
I will be uploading it to the website
Bro i am not able to find ctf playlist
What are the keys for?
Haroons Gaming Channel the keys are proof of success that's why we call it catch the flag (CTF)
gr8
Next : Facebook CTF
For some reason when I type su - robot it tells me su: must be run from a terminal.
python -c 'import pty; pty.spawn("/bin/sh")'
I keep getting a connection refused (111) when i try to set up the reverse shell :(
You need to put your own IP in the 404 php file (not the mr. robot server's ip)
Bro i got the same
Try archives.php instead of 404.php it worked for me
Blueborne video please
And, what is the password for the Root user?
Why you were able to access root folder after launching shell from nmap?
Because once you are in nmap you are treated like a super user
what is ctf?
capture the flag, should try it, lots of fun recommend try on overthewire by starting from bandit level
what this pty this is doing?
Can anyone please tell me how can i get $(shell) to root@hostname? #hackersploit
That was LiT ("_")
But in a real world example you wouldn't have access to the server wp panel hahah, just another die hard script kiddie that learned metasploit