for a long time i've been scared of touching ctf for the complexity and stuff but for real you are amazing and you opened my apetite for this , so thanx a ton
I just love to watch your videos. It's because of you that I got to learn many new stuffs. Thank you very much. Plz keep posting new videos and also do suggest new tools and new methods to tackle situations. Lots of love from India 👍😍❤️
Nice walkthru - I missed the Teamviewer/Win-rm stuff when I did this one and escalated with 'Invoke-ServiceAbuse' (after an unplanned KOH with someone else trying to do the same ;-) )
I know you tried zsh at one point, did you not enjoy that shell experience? Another good video big guy, thanks for sharing your experience with the community.
You could have connected via teamviewer if you had the teamviewer id. This id can be obtained from the windows registry if your IIS user was able to access it. Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer Key: clientid
I think you couldn't scroll back when enumerating with winpeas, since terminator has a default scroll back history. You could disable that for "infinite" scrollback
When your enumeration skilz become parallel enumeration. New CTF challenge using your microphone to enumerate through all the pronunciation possibilities of your scripting toolz until the interpreter spits out the flag 😁
Does anyone have a nudge for TypeError: 'NoneType' object is not subscriptable? I used the exploit from the github repo with the requirement.txt file. Used quotes for url like the readme. Probably a connection problem? The script will also complain when there's no args input -a for -c ipconfig or other one worders. Any help would be great
Hey, I need to understand, if u could run that revsehll from the beggining, so why didnt u go for it? There is a special requaierment to that revshll cuz it looks it is gonna work on any windows pc... Ty very much! Hope you will answer me:)
He literally says this in the video pretty early on. For the very pretty cat output: github.com/sharkdp/bat There's also this nice list of *very* useful tools to improve it. remysharp.com/2018/08/23/cli-improved He's also using terminator, as you can see up in the top left corner of the terminal, where it says /opt/terminator.
My issue with all these CTF's is, rarely does any of that work in a real world pen test, especially when you are given 40 hours to test a network, not just 1 machine. and dirbuster? in 15 years its not come in handy beacuse, REAL COMPANIES DONT USE WORDPRESS lol
"All the interesting stuff is seemingly just me." - John Hammond, 2020.
grandma approved
I am 13 and I learn so much from you!!! Keep it coming!
Same :D
Nice :D
for a long time i've been scared of touching ctf for the complexity and stuff but for real you are amazing and you opened my apetite for this , so thanx a ton
Pretty excited to see your approach especially the priv esc part. I did the lazy way of team viewer.
Ha, I probably did the "lazy way" too. :)
I'm happy you're doing these again :)
Maybe I can catch the stream
This is such a satisfying video to watch ... thank you ...
Vibing to the TH-cam premier music a minute before it plays
When you put the playback speed on x2 and can see into the future
45:38 It's funny that John didn't realise that when he used DIR, the length was showed automatically :)
Very cool box this one. Thanks for the good explanation! Keep doing these.
I just love to watch your videos. It's because of you that I got to learn many new stuffs. Thank you very much. Plz keep posting new videos and also do suggest new tools and new methods to tackle situations. Lots of love from India 👍😍❤️
Nice walkthru - I missed the Teamviewer/Win-rm stuff when I did this one and escalated with 'Invoke-ServiceAbuse' (after an unplanned KOH with someone else trying to do the same ;-) )
Amazing! Thank you John!
right when you said Acme I knew it was some wild e coyote shenanigans
I know you tried zsh at one point, did you not enjoy that shell experience? Another good video big guy, thanks for sharing your experience with the community.
"I know it's just an easy box" he says..
Little did he know, `cURL` comes with modern windows 10
That machine was really fun to play with
Thank you For Awesome videos
I've pleaser to watching you hacking stuff, thanks a lot.
9:00 Can you provide a link to that "batman" bash extension? I can't seem to find it.
i found it here github.com/sharkdp/bat
Nice Video 👍🏻
Do you work on a virtual Maschine ?
wow, that's scary. Thank you for the video! Learned a lot from it!
Awesome content by the way...I'm a huge fan!!! kudos!
Very helpful, 39:48 now I know how can you upload a shell without blocking.
again a great video by john..keep up the good work 👍
Hey John, pretty excited... Love your videos 👍
You could have connected via teamviewer if you had the teamviewer id. This id can be obtained from the windows registry if your IIS user was able to access it. Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer Key: clientid
Pleaseeee bring your videos daily...❤
Great I always lear something new evry watch ur vdio
"TH-cam Algorithm stuff"
Wha keyboard are you using? It sounds really great.
John. It is pronounced as “umbraco” and “gif”
PS: awesome video, as always!
amazing skills, thanks for the videos
on your video, did you overlooked the gobuster output for "install" giving you a status code of 302? This usually contains juicy information.
The redirect was to the umbraco login page
On a actual system you Won't be able to use msfvenom or metasploit. How do I do such things John?
Do you have any more tips for becoming a specialist in cybersecurity
Learn. Practice. Learn more. Practice more. Repeat.
Edit: maybe throw a shower in there somewhere, that helps as well.
Hey brother your videos are awesome!!
Thanks so much!
happy funky Friday is funny because Im looking this at a friday
what do you think about parrot os? would you like to do a ctf on this os?
hey john, cronos box in HTB is retired now can you do video on that. ?!
I think you couldn't scroll back when enumerating with winpeas, since terminator has a default scroll back history. You could disable that for "infinite" scrollback
good time! enjoyed
When your enumeration skilz become parallel enumeration. New CTF challenge using your microphone to enumerate through all the pronunciation possibilities of your scripting toolz until the interpreter spits out the flag 😁
Does anyone have a nudge for TypeError: 'NoneType' object is not subscriptable? I used the exploit from the github repo with the requirement.txt file. Used quotes for url like the readme. Probably a connection problem? The script will also complain when there's no args input -a for -c ipconfig or other one worders. Any help would be great
John love your video. keep it up. Unfortunately bunch of the machine you have done seems to be retired. Cant find them on the site
6:00 "The holy words" 😆
he said holy wars
Ubuntu or Kali Linux?
Awesome as always!
How do you get into a win 10 then with Windows antivirus active? (So wanna hop into my brother's machine, just to see if I can)
Hey,
I need to understand, if u could run that revsehll from the beggining, so why didnt u go for it?
There is a special requaierment to that revshll cuz it looks it is gonna work on any windows pc...
Ty very much! Hope you will answer me:)
how can i join your discord channel i ran $verify but its not working any help???????
12:50 uhhhhh that's not a "quick snapshot"
Can you help me with an exploit on windows10 through open port 6881 which is the BitTorrent server open port.
John! Are you working on a special Linux distribution or is it just simple ubuntu with tools installed?
Just a simple Ubuntu installation with tools installed :) Thanks for watching!
Hey sir what didn;t u use wmic.exe to remote code exexute
When you said "GOOGLE MAPS" it closes out of TH-cam and reopened the Google maps app
I still trip out on how these are "easy" machines...should be medium at the very least.
Do you use another terminal like "Terminator" or it's just color scheme extension ?
He literally says this in the video pretty early on. For the very pretty cat output:
github.com/sharkdp/bat
There's also this nice list of *very* useful tools to improve it. remysharp.com/2018/08/23/cli-improved
He's also using terminator, as you can see up in the top left corner of the terminal, where it says /opt/terminator.
@@chemputer Tenks
19:47
this code is offensive to python
Okay using win-rm i have issues getting the rubey gems file to install....you should do a video on install at least
Do you follow ippsec? Because this isn't the first time you posted the same htb bix at the same time 😜
every Saturday hackthebox retires an old box so there's nothing to follow
umbreako, umbraco, hahaha JIF, GIF, made me laugh :)
Umbra co
um-bra-co, bro.
Dude i love you
OP
I think the metasploit exploit failed because the base dir was set wrong
Bro I love your work but please your too fast. Some explanations needed on some tools used. But Otherwise I love your work. Your a great person
I love this video 🤩 😍💖💖💟 please make more this type videos big fan sir from India
Cool!
My issue with all these CTF's is, rarely does any of that work in a real world pen test, especially when you are given 40 hours to test a network, not just 1 machine. and dirbuster? in 15 years its not come in handy beacuse, REAL COMPANIES DONT USE WORDPRESS lol
Intresting
keep it up love from iraq ♥️
You're a beast!
# Nice, keep it up 👍🤩
Nice
"youtube algorithm"
Cool.
0:15 I can relate bro :{ LOL
You didn't even migrate your meterpreter
hey
ho
do you know ippsec?
lol - looks nearly a 1:1 copy of it. 🙊
I watched ippsecs video a few days before and yeah this is basically exactly the same steps he took, disappointing
I don't think so. ippsec gets crazy with the linux commands
Am I the only one here where all the exploits don't go well? I even finished this box with the Burp suite 😑😕
you are the exploit bruh !
Silly comment for the algoritm
it's pronounced umbraco
I have a idea look at my identity there will be a name to give them that Will help you know me from them
Lol "easy box"
tu fast thats why you dont aprove de cert
*Generic silly comment*
花儿都等谢了
16th comment 1,367th view
You're not that good but you can hack teh box
Hey John can u take a look on WWBuddy at tryhackme ?
The abstracted theater basally pat because lyric disturbingly preach during a curious blood. ten, nebulous rainbow