Wanted to pin a comment about the ZAP error that you see quickly around 8:10. TL;DR: just change "...." to "....." and you should be good.
This was a bit of an oversight on my part so I hope that clears it up!
Hi HuskyHacks. Can you explain what you pasted to the clipboard at 40.33? I did not see you copy anything.
@@julianpluas9010 It's a basic Python reverse shell. You can find this one and ones like it on PayloadsAllTheThings: github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#python
Using http takes me to /login, whereas you were taken to index.php and the err=error.txt page. How would I find that?
Thank you for this! this is where I got stuck initially as well
@@huskyhacks also, can you pleeeease also specify the correct link for the PHP shell you used after min 33?
A million thanks and all the very best, nicely detailed explanation and easy to follow even for noobs like us :))
I'm not sure how this was in any way for beginners lol, but your video was amazing, thanks!
Right I was thinking the same thing! I was able to get through this room, but it's got me worried about the remaining 19 days lol
I appreciate it! The difficulty definitely does spike on day 6 for sure. Can't really say anything about the remaining days
@@huskyhacks I would think this is getting towards the hardest levels for the Web Exploitation section, so it makes sense that it starts getting pretty tough to challenge you. I imagine once we switch to a different topic in a few days that it will go back to very easy and work its way back up again!
@@TRD_Mike I think day 7 was easier than day 6 lol
Hey Husky, I don't know if you know this but you are really good at explaining these topics. Thanks for teaching this content! Look forward to any more content you put out. Take care
I second this!
tyty
@@huskyhacks Yeah, absolutely great job! You've got yourself another subscriber :-)
Hey Husky, usually you see these 45 minute videos and think "F THAT" but I watched it anyway, and I was engaged and interested from start to finish.
The way you explain things is great and I couldn't have done this room without you. I got about half way through it then watched your video and it helped a lot. I'm just starting my Cyber journey and videos like yours make it so much easier, so thank you for taking the time to help and save Buttmas!
I like you giving additional information to THM content. I'm new to it and did 6 answers without watching video, but 6th I took from /etc/hosts. Need to digest LFI to RCE via Log files and PHP sessions and then try again. Good stuff!
You are my savior!! I have been dealing with the same issue for 3 days now and no dice 😅 I also have to learn more on how to go from LFI to RCE since I know next to nothing on PHP 😂😂 I was so focused on doing it the way it was intended that I forgot you could just do this and get done with it, thanks so much now I can get on with my existence 😂😂
The best LFI presentation so far. Subscribed and liked. Great video.
Got here from thm. I liked seeing the extra content and what else you could do with the machine. Subbed. :)
As a beginner watching this stuff I just wonder how in the hell anybody figures all this stuff out. I could be put in a room with a computer for a million years and wouldn't be able to pull these things off without this helpful tutorial. I'm determined to learn this stuff however and this advent of cyber is really helpful in teaching me so many different aspects of cyber exploitation. Thank you for the great tutorial!
Nice lil Missouri gov joke there. This is actually the first video of yours I’ve seen and you’re a phenomenal teacher! Well done (commenting for engagement)
Liked n subscribed
I was triggered enough by the use of OWASP ZAP. At least you cited your sources for the "fine addition to my collection" meme ;).
Husky I had lost all hope until I clicked on your video for help.. best decision ever and love the way you teach! came for a tutorial, leaving as a subscriber. Thank you
Great understanding of the Linux hierarchy, web servers, PHP and GNU tools, subscribed and looking forward to learning more from you young dog.
Thanks! I appreciate the kind words!
Husky is a gem! Subbed and liked because of how well you explained everything :)
Same here!
tyty
Thank you for breaking this down so incredibly well for beginners. I got a blank page for the last question last night and am starting all over again today but I'm not frustrated at all because of how well you put this together. Plus the whole repetition is key thing 🙃
Husky, this is the first video I've ever watched of yours. Thank you so much for explaining everything thoroughly and breaking it down. This was such a great video!
I never wrote this, but the first time I watched this video, the day that Day 6 came out, one thing that really struck me and carved into my heart was 2:27 - 2:30... Those 3 seconds... The way you said it... 🔥
P.S.
I just came from your Twitter post about your new updated personal blog and just wanted to write this.
Even though most of the stuff you share are way over my head... You're amazing human being... Blessed be... Hopefully we'll be able to see the Elf version of you on Advent of Cyber 4...🎄
lmao i laughed while he had his pointer at burpsuite while he was introducing ZAP😂
Your energy and explanation was on point..!! I like that you teach way more than what is required to solve the lab.
Just finished Day 6 and your video. You do a really great job explaining things, I really enjoyed learning from you. Thanks.
NGL, pretty bummed I just now found your channel! That Missouri joke had me weak! You are a great educator. Thank you for making content
Thanks so much for this! I was completely lost until I began watching your video. I followed along step by step and completed this challenge!
18:02....Illuminati alert 😂... The concept actually blew my mind!!....great work @HuskyHacks❤️👍
Great job explaining it without completely walking the way to the last answer. I did this late last night and not willing to admit how long it took to figure out why www-data isn't the hostname.
😂 been there
wow you're really good at explaining things in plain English, thanks for the tutorial, subbed
Just started THM this past weekend, thanks for really good explanation video!
Best video on Advent of Cyber so far!
Hello! Could you please explain the last part of the challenge? Last question:
The web application logs all users' requests, and only authorized users can read the log file. Use the LFI to gain RCE via the log file page. What is the hostname of the webserver? The log file location is at ./includes/logs/app_access.log.
The answer is on the video. Rewatch the video
at 36:43 change cmd to cmd=hostname
/etc/hostname has it
@@kibog1424 okay thanks
HA! you totally got me. I thought you were talking about Burpsuite, but, no.......OWASP Zap! You trickster!
⚡⚡⚡
This was a good informative video but this day's challenge isn't really for beginners, not sure how someone could have done this without just copying everything in the video.
I honestly tend to agree, the difficulty spike here is apparent compared to the earlier rooms. Still, the subject is important and worthwhile to learn.
I'm glad I'm not the only one thinking that, being a beginner myself I couldn't manage the room yesterday and I actually intend to copy everything in the video today...
Though I'll try to understand what's happening and how, I'll have to study this again later to truly get it
Unable to open the site from ZAP, getting error. Also saw an error while starting ZAP which said about cert expiry of ZAP in browser? Anyone faced the same? Need help!
Hi @HuskyHask , thanks for the tutorial. Unfortunately, I couldn't follow it from about minute 8:50 as the website in the AttackBox always displayed Error 405 - method not allowed. I think, that something with the webserver in the VM is wrong as I already get this error message in minute 7:50 of your video for the nmap.
Can you help me or check this in the attack box?
Seems like it's an error on the THM side, I think they were having some issues but fixed them. I'd try this again
Thanks for going further than you needed!
I love your energy, boy, your authenticity is just heart-warming and amusing, especially the hat hahahaha :) great video, great excourse which wasn't included in the challenge, thank you!!!
Amazing explanation! Loved it! Please continue posting more videos! Looking forward to watching them.
Very enjoyable AoC Task. Thank you so much for the walkthrough.
Hi HuskyHacks! Thanks for this video, really helped for the day 6 task. But I got stuck at the point where it asks for hostname of the server and rewatched some parts but didn't see you mentioning how to get the answer then we moved onto the bonus bits and my machine time ran out :/
Hey! the hostname can be found after getting any kind of code execution against the server. So if you can run any commands on the server, just use the 'hostname' command. I do this at the 41:25 mark but you can also see it by using the phpinfo() function
@@huskyhacks I see it now. Day 6 task overwhelmed me. Thank you!
Nice video bro, greetings from Argentina!
Hi, first time viewing you. Great content. But, clicking on resending to request to edit is not opening ZAP? and my machine says Zap is outdated and CA validation expired.
same for me. Is this relevant? Any idea?
This was amazing, thank you for explaining it so well !! Will definitely check out your other videos hungry for more 😀👍
Watching a second time just to fully understand the concepts, great video!
Thanks for the walkthrough, can you tell what is 'a' flag in 'ip -br -c a'? Is it same with 'address'? It was in 40:15 btw. Using addr or address instead of 'a' outputs the same thing but kinda weird couldn't find it in ip manual.
Because my monkey brain cannot handle a ton of information, I use 'ip -br -c a' to print the IP information for each interface in 'br'ief form (less info, basically just the IP address) and 'c'olorize the output so it's easier to see. Thus, 'ip -br -c a'
why do we need to encode the data being retrieved at 19:44, I didn't get that. Yes, it won't show up to the client and by php filter we retrieve it but why in encoded form?
Catching up the AOC challenges and this fright me out that I'm about to use the useragent to poison a log... like in Log4j :S
Thank you for your well explained video. Hope to see you in any of the other challenges
stay tuned then 👀
wow 10/10 thanks for the great video hope you do another one.
Great Tutorial, Excellent explanations, could you explain a little more why you log out at 30:57?
I guess it's because you won't see the error message if you're logged in.
Given that error message shows when you're not logged in, and we need that '?err=' parameter available for us to perform LFI, I figured the quickest way to get to that error would be to use an incognito browser because you could be logged in to see the logs on the logged in session and perform the LFI on the ?err= parameter on the incognito browser
@@huskyhacks and @maniac ;} makes sense! thanks for clarifying.
Great video! I'm having an issue saving and closing out of nano on attackbox. For whatever reason whenever I hit CTRL O, or CTRL X to save and exit, my CTRL button is not responsive and it just types the letter. Any ideas on what I could be doing wrong?
edit: If anyone else had this issue, I just switched from using Attack Box in the browser to using Remote Desktop and I was able to use my CTRL button again!
The walkthrough was tricky and challenging for a beginner 😉😄; however, your teaching style is fascinating, and I enjoyed it!
Thanks!
GREAT video, thanks for taking the time to explain things fully
Subscribed! You're an awesome guy!
So far it is the best walkthrough of AoC3. Really good explaining, thanks a lot!
When I use Zap it doesn't load the page, gives all kinds of errors.. :( Nvm, figured it out but since I can only open 1 box and need a new one now, can't do it. Kinda sad 1 box a day. xD
00:36:01 I follow exactly but I can't see 'cannot execute a blank command', can you advise please?
ok it was me... I put curl -A "
Really in-depth tutorial. Thank you so much
what resources did you use to learn this stuff initially?
I have about 10 years of experience in basic IT, system administration, network administration, intelligence analysis, and the latter half of those years in ethical hacking/red teaming specifically
also wanted to know what's that clipboard tool u used ?
It's built into the THM attack box
Thanks Dude! You've helped me a lot, I was stuck on the payload, I forgot to close the php tag with ">". It took me a long time to figure it out ^^.
Hi, Thanks for your effort. I've enjoyed every minute. You explained extremely well and amused.
20:16 Absolutely made my Monday much better. Just glad I'm not a resident of Missouri...
Didn't get joke, can you explain?
@@howtobecometoolkit the Missouri governor received a responsible disclosure notice which involved viewing the page source, and then went on a vendetta about how it was hacking and against the law. Ars Technica has a couple articles on it.
Well explained, thank you ! Can you make more videos ? =D
where was the last answer, host name of webserver?
Thank you for this absolutely great video!
Thank you for the proof of concepts and thorough explanation.
if 36.09 we can add &cmd=hostname, and we will get the hostname? No need to reverse shell for hostname. It is easier
I did execute phpinfo script but could not find hostname... can you help?
@@meghpoddar1565 you should do same in the tutorial. After trying '&cmd=whoami ', try '&cmd=hostname'
Thanks For the Awesome Explanation. Love the Content.
I am getting that ZAP Error (Java Connection Refused). I saw it popped up for you too but then you kept going but I can't get past my error.
In the "URL to explore" box, I took the 's' off of https and it worked. It came up on the browser as https, just wouldn't work if I included it in the URL to explore. ...
I'm actually going to pin a comment about this because it was a bit of an oversight. But yes, closing the browser and reopening OR using 'http' not 'https' should do it
👍 Well explained, thank you!
Fun fact: on this specific box you can just omit the multiple `../`'s, and just request `?err=/proc/cpuinfo` for example. The leading slash is not sanitized. 😃
can someone explain me the 20:20 joke?
got it, someone in that place got arrested for seeing the page source, lol
I keep getting a 405 error. Can't access the website
Did you connect to the machine with openvpn or attackbox?
you are talented and very capable, I would say, a brand new wind to industry! thank you for spreading the knowledge, I hope very much, you will find this energizing too, for at least for another couple of times!
You're very good and thorough in your lesson, thanks!
this is a great video, your style is amazing.
made the challenge all the more enjoyable
How would you find the log file if you didn't have it given to you for the app access log??
great video man. I'm new to THM and learned a lot from this video. new sub here!
Far too complicated for me and just confuses things when you go off script. I couldn’t get the cmd bit to work and gave up after an hour.
Where do you need help understanding?
Love the video , wish the written part had the same quirky humor 🤣
I typed “Late-Twenties boomer” and this is the first video that popped up
Then the algorithm has done its job
Killing me here - I've been living under a rock; someone please clue me in on Missouri and viewing page sources! [@ 20"] - - ahhh, never mind; found it. Lol!
I was struggling with the very last part finding the phpinfo file, danke.
why did I get TTL:63 when doing ping? is that include linux server?
This is amazing. Please make more basic hacking videos.
Best task so far, learned lot of advanced stuff
just watched your vid on the wannacry break down.. you should make some more of those 🔎 🦠 🕵️
Hello, thank you for nice explanation! :) Could you please next time make your windows bigger so we can see your code on one line?
Yes, I still need to get better at this. But absolutely agree
make sure you move video quality from auto to 1080p you'll be able to read the command line..
20:14 But how else do I get into the mainframe? Hahahaha
Awesome explanation
Amazing, Thank you for this Job
can we get answers to all questions asked on THM??
Thanks a lot for the great explanation! Was completely new to the topic and got to learn a lot
Really GOOD explaining
Awesome walkthrough!! Thank you!
Hey wanted to know about your DO NOT DO THIS joke lol i feel out of the loop
Google 'missouri F-12' and you'll see what I was referring to
first time hearing about their channel. I just found a gem, the explanation was flawless
Waaaay too in-depth, lost me several times. Is there a beginning video that follows Day 6?
I think THM probably has an intro level LFI room on their site as well. I'd say just focus on everything in the video up to 36:19 mark and don't worry about the advanced stuff
damn the remote exec was well explained! Thanks
I started laughing as soon as Missouri was mentioned
Great video! Really fun you got a reverse shell, but I'm wondering how you went from the interactive shell to having (in the next part) root@ip in that shell. How did you go from www-data to root? :) Thanks anyway
That root@[ip] with the green text is just the Attack Box's cmd shell, is that the one you're referring to? I didn't escalate to root on the target server
Hi HuskyHacks, the step when you add &cmd=whoami didn't work for me or the next step after it. so I am not getting the backdoor.php to work?
the only difference I am doing is using my own kali system and connecting over vpn.
I would need more info to help
Love the joke just before 21 minutes about viewing source code in the state of Missouri
you should do more videos like this, you are good at it :)