TryHackMe! Basic Penetration Testing
ฝัง
- เผยแพร่เมื่อ 2 มิ.ย. 2024
- Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!
he never said "Im in" when hacking.... Very dissapointed
epic letdown
Looks like a amature hacker, no i'm in is a big no
Saying I’m in is the difference between a good and great hack. He will seriously need to work on this if he wants to improve.
Nice
To be real hacking is more like sex. Sometimes the other party just won't participate and there is nothing to gain, however once they do participate you will likely go in and out each time deeper and deeper multiple times until something brakes and you're done. Yes some times you can try brute forcing things, but it only works if the other party is weak. If you can't brute force things and well things don't go anywhere, you should try various other approaches and see if taking your time will make a difference.
i didn't understand a single shit of what was happening but i loved every single bit of it
You and me both lol
Haha same, hopefully one day most of this stuff doesn't fly over my head!
Start learning linux. That alone will make a lot of this stuff very clear.
"a single shit" I lold
i dont even know how to program and i find this very interesting even tho i dont understand whats going on :D
This is not hacking. All the texts are not in bright green color and doesn't have that "pip" sound on every letter pressed
Agreed, no Mr.Robot here
@@natking1u1z99 mr robot is accurate tho
@@natking1u1z99 Sorry Mr Robot is too accurate for this
@@natking1u1z99 wdym, mr.robot is actually pretty accurate when it comes to hacking (so no green colors or pip sounds)
@@natking1u1z99 ?????? did you even watch mr robot?
A real hacker would be wearing sunglasses in a dark room and listening to techno.
And big black hood
@@dermottobin9 I think you mean Doritos.
@@hematogen50g damn you beat me to this comment lol
aw man they missed out on the chance to call it 'trypenetrateme!'
I was gonna like your comment but it's sitting at 69 likes... nice
update... someone already fucked it up :/
lets get it to 420 then
It's so akward when you have to explain what pentester means..
@@xiampiii It's at 420 likes now.
You: And boom! we just completed the basic room!
Me: WTF was basic about that!?
Kkkkkkk mesma coisa irmão
Hermínio Cossa tf
Apenas Hackermans entendem Hackermans
@@herminiocossa3475 ne
It stops being basic when you have to develop your own tools and exploits lol
I am now in anonymous
hello Mr. Blizy i am big fan pls send me csgo knife please yes?
yes
Lol
elo blizy give naif yez
@@nahomgetiye2468 No you can't.
Yes we can.
Nope!
I have recently discovered your channel and there is no way for me to leave any watched video without thumbs up. I really like your style and way how you share knowledge. Awesome work! There's so much to learn!
Man you really made me watch 30 min and I didn`t even get bored xD. Great video.
same!
before reading this comment i didnt even think this video was 30 mins long well those 30 mins were well spent...
Great to see a higher level pentest explanation type video which doesn't bore you to death with every tiny detail but still goes over each of your steps.
If we see a tool or vector that's new to us we can follow up at a lower level later.
For a 30 min video you kept up a speed and momentum that was so easy to follow and engaging it seemed like its was much shorter. To me the sign of good video making is when you realise what you thought was short 5 or 10 min of viewing was actually half an hour or more.
Definitely leaving a deserved Thumbs Up on this Video and I'm now off to check out you other content. If this video is a typical I will be subscribing for sure.
Thanks so much! Appreciate all the kind words, I am happy to hear the video is well-received. Thanks for watching!!
I totally agree with this random stranger on the internet. I hope there's more videos on this try hack me stuff on your channel! Nice video and hope to be seeing more of those!
Hello
Ok boomer 🤣
Yeah yeah it was lit 👍
liked after 1 playthrough with intent to re watch because I enjoyed the first round so much I want to savor the sweet flavor of knowledge that is so refreshing to see and hear, videos are the new TEACHING method that work. Thank you so very much for making this!
This is excellent!! Liked, of course. So I’ll be watching again and again-not until I like it but until I completely understand it! Really good content, pace, insight and quality. Thank you so much.
Just started pen-testing in school whilst learning network security. Learned more during this than I did during 1 month of lectures+labs. Thank you!
John you made by life so easier by posting these videos and explaining everything in details!Thanks a lot it really helps newbies to learn ctfs!
Totally agree!
John Hammond is crazy!!
Starting to fall in love with you, for those detailed walkthrough videos.
Keep going John..
Super helpful, thank you for making this! Loved hearing how you think through this.
Him: "obviously this is some kind of beginner room here"
Me: Doesn't understand at all what he is doing and just sees random letters and numbers.
Its like a gamer trying to play dwarf fortress for the first time. Its completely gibberish to an untrained eye and it probably takes months or years to begin to understand. All in good practice though I assume.
Honestly the most important thing too understanding this video is becoming familiar with Linux. I'm not at all interested in pen-testing as a career, my only involvement is watching these videos. However, I'm able to keep up with the videos just with my existing knowledge of Linux. All the special tools he uses to brute force accounts are pretty self explanatory with a quick Google search.
I knew cybersec/pentesting was a challenge and a puzzle, but I never knew it was like this! Thank you for confirming that it's something I'd like to do with my life!
Will definitely check this out. Thanks for showing it
I appreciate your work. I am currently taking an Ethical Hacking course and find it very helpful watching you quickly go through the steps.
I took a class in Cyber Security during my Bachelor's some years ago. This was a cool way of seeing some of those concepts actually applied. I found your way of solving the problem very informational, and it was definitely very entertaining
I've been thinking of pursuing cyber security in uni, what's it like?
Starting my degree in Cyber Security this year, can't wait.
How did that turn out? 😁
im very new to pen testing but I am learning. Even though I can barely follow what your doing, seeing how you actually go about the process is incredibly enlightening.
my machine had port 8009 open so i spent most of the hour researching apache tomcat "ghostcat" vulnerability and was completely lost. humbled once again..
Well. The fact you decided to take the time to go over this and show how these basic concepts are done just got you a like and sub! GG!
John, thanks for making this video. Was really great to VPN in and use my own kali box as the attack box. Learned a lot of cool stuff.
Oh man. John coming at us AGAIN with the great info!
This is exactly what I was looking for. I've done a few HTB challenges. But I usually need help during them, because there are basic fundamentals I don't understand. And there are tools I didn't know exist. I can fumble my way through some boxes, but I'm usually pulling out my hair.
This is a wonderful service. And will hopefully solve exactly that issue for me. Thank you!
I was looking forward to starting HTB, what fundamentals would you say you were missing so that I may check if I'm on the same boat as you.
@@UnknownSend3r HTB is still great, and I highly advise it. It's super fun. I'm still quite unfamiliar with the Linux system as a whole. The syntax of many of the tools. And which tools to use, why, and when.
Sometimes I simply don't know where to look. But. The more practice I do, the more I learn.
Hack The Box is great, but it just kinda throws you in and you just like - do it. I like that.
Try Hack Me has stepping stones.
Give them both a shot.
DuckDuckGo and TH-cam have been extremely helpful though! xD
@@user-yd7ug3jb4t thanks, really appreciate the advice. Il definitely give HTB a go along with THM. Before I start any of them I plan to complete overthewire (along with my RHCSA studies) to get me familiar with the Linux command line. I also think since you're unfamiliar with the Linux system OTW would be a great place to start. It's geared towards those with little Linux experience who are interested in cybersec/hacking, and provides you with what commands you might need to complete each task. Goodluck on your journey.
@@UnknownSend3r I'll check it out! Good luck on your endeavours!
Its crazy to think this was the exact video that got me into cybersecurity a little over 1 year ago and this week i just landed a job in the industry. Much love to the TH-cam algorithm!
Do you have relative backgrounds of computer science before that? bc it sounds incredible to pick up cybersecurity within a year
@@halzoun6195 yeah I was in University studying information systems. So i already had a background in web development and some other programming. Also I wouldn't say i picked it up in a year because i am still trying to learn every day.
Dude thank you!!! This shows a lot, and how the process works, and the loved the logging your steps! I’m just starting out and this give me a great idea of what needs to be done!!!
me - print("hello world")
*I AM HACKER*
#Include
Int main();
{
std::cout
@@brotherindeed992 Weird flex but ok
@@brotherindeed992 const f = "H";
let u = "E";
let c = "L";
let k = "LO";
let y = "W";
let o = "O";
console.log(f + u +c + k);
let u = "RLD";
console.log(y + o + u);
This took me so long to type
@@brotherindeed992 Wait, how do you use std::cout with lol
Either std::cout from or printf() from
@@h-0058 I learnt c++ on my own but my college demands I write all programs in c, hence the mindfuck.
Thank you brother your funny as heck. Man, I appreciate your openness throughout this walk-through. Also your willingness to help others who may not be as far along as you are in this Field. What are your Goals after this, and have you reached them, or are you still going to make Quality Content for us Viewers to enjoy? I want to say thank you for your time and the Passion that you have for this.
Thank you John for having such great videos!
Please make more of these videos of you explaining the steps. This video motivated me to get off my couch and turn on my laptop at 1am. Thank you!!!
Thanks for showing this site off, I'm about a month out from OSCP exam and I am going to run through the OSCP prep path.
Heck yeah! That's a solid plan! Hopefully I can get some videos out for the OSCP path soon. Thanks for watching!
Nate Golick good luck on OSCP exam Nate!
@@aqeebhussain9032 Thank you 🙏
All the best!
How did it gooo? :D
Just found this video after looking into THM. I've always had easier learning from watching something get done than to just read about it theoretically. I know it's a bit over a year old but this still gave me some valuable knowledge and a few ideas on how to do things on my own later on. Thank you. Subbed ofc. 10/10 channel!
Hey man I saw your red teaming exercise video a few months ago and it was crazy inspiring so I lost it when I found your channel today! I'm a cyber security student here in Canada and sometimes it feels like we have so much to learn but you do a great job explaining it! Subscribed
First time on your channel and I absolutely love it. Thank you for sharing your knowledge! ❤️
Currently a cybersecurity student and just recently finished a class on pentesting and will be participating in pentesting tournaments soon with my school. Amazing job and what a great resource that you have shared hopefully we will be using this site to practice! Thank you!
That is excellent, awesome to hear that!! Thanks so much for the kind words, I do hope you use TryHackMe to learn more and more!
Wow seeing this walkthrough has really opened my eyes to what must be done to gain access. I'm definitely getting into cybersecurity now. Great video!
Excellent, I am very happy to hear that! Thanks so much for watching!
The phrase I expect to hear after "really opened my eyes to what must be done to gain access" is you DON'T want to do cybersecurity (or your own hacking). I have a hard time imagining what you mean. Is it: "cybersecurity sounds like a really easy job, because I can sit back and know there are so many defences already in place"? I can't imagine any other way you get from your first thought to the second. Are you just lazy, or really excited about learning how to invade the privacy of others? Nothing else makes sense here.
@@squirlmy He probably just thinks that this was cool ^^
@@squirlmy you're great at parties I bet
@@cdev-kz3lj yeah, I don't get invited to parties anymore since all the fatalities at the last one. But you can hardly blame me, the axe was right there, just begging to be used!
Thank you John for helping me learn.
Great video. I like your style. Thanks. Can't wait to see your next one.
I can't believe I haven't heard of tryhackme before but I'm so excited to go try it out! Great video, can't wit to learn some new stuff!
I hope you enjoy it, I think it is a blast! Thanks for watching!
And also hack the box ,just try that
Are u a experienced hacker ?
@@pianodotexe3852 google
Ed Sheeran when he isn't making music.
Ginger : *exists*
People : eD sHeErAn
@@CobraunieSC true 😂
i just tried this challenge today, and it was good to follow your techniques and procedures.
Great demo of the tools and well deserved sub! Thanks.
no "I'm attacking the firewall" and visualization of tetris being played to break said wall....disappointed
I've been using computers my whole life and my entire career is in software but I have never really dabbled in pen testing or "hacking" even though I am familiar with the concepts. I am so glad I came across your video because it really inspired me to learn more about it and it seems like TryHackMe! is the exact type of platform that I do best on when trying to learn new concepts. You gave a very brief explanation each time you used a new utility in your toolkit but to save us time scrubbing your video and searching for everything, would mind updating the description and listing out and/or linking to what was used? Thanks for posting this video - I love your style.
This is really fun to watch. I like the hands on approach!
The best channel that TH-cam has recommended to me in a long time
I'm in IT administration for 20 years but never went in-dept in that stuff. Now you left me speechless.
if youre an admin for 20 years chances are really high that you never even properly learned about cyber security at all
I've just discovered your channel. I'm super super new at learning coding, hacking and all this, but your videos are really enjoyables! and you help a lot to familiarize with all the technical words and stuff (yeah, I'm not that technical for now XD). Thanks for explaining what you do and what you see, I've already subscribed.
this is amazing. I am so glad I found your channel. This is going to expedite my learning process so much, thank you so much for your videos. Definitely subd. great stuff.
Just realized how much I've got to learn.
Little sad that my university's IT program didn't have a pen testing course or introduction aside from mentioning it as a side topic. I took some Linux security courses focused on policies and configuration but I never really got exposed to tools such as these. However, I did take some digital forensics courses, so this was very similar to that with respect to data investigation. Also decent hint for threat modelers and network admins to pay attention to their policies considering how easily these tools can slip through.
Love the walk thru, as I am just getting to use their service. This was helpful to see.
Great stuff and good explained... 2 Months ago did not understand anything until went through all the Tools which were used in this tutorial.
Thanks a lot for giving the overview. Really helpful for n00bs like me.
Happy to hear that! Thanks so much for watching!
I watched this the first time and got motivated (Had no idea what was going on though).
So I went over to overthewire bandit and after reading TONS of articles I was able to finish all the levels(I had zero experience in this field, also had to see 4 solutions).
Now I'm in picoCTF checking out different fields(Whilst reading TONS of articles).
I came back here and surprisingly I understood most of the things that you did (Not that I know the tools you used or anything but I can relate to the concept itself).
The only thing that I have to read about to understand more is the ssh2john part.
Anyways Just letting you know that your videos are an inspiration.
I have been training since 1st October and I will be joining a capture-the-flag competition which is for middle east.
I'll keep you updated with the results (I am not expecting to get a good rank but want to see how well I can do).
ssh2john is just a command for John the Ripper for bruteforcing ssh2 passwords
Very informative, and fun to watch. Thanks for sharing.
Don’t stop these videos they are amazing!!!
Seems like a more organized version of Hack The Box. Definitely giving this a spin.
I tend to agree -- I'm sure you will love it if you try it out, there is a lot of great activities in there!
Yeah, I visited the site today and it does feel more organized and also If we subscribe we can get paths which is amazing for newbies like myself.
More focused on learning
This was fun to do. I have been in IT for a long time and I feel like this kind of stuff is what is going to get me really passionately back into it. I also decided I was going to use Ubuntu instead of Kali because I do like to control the packages that are on my machine, plus it is an opportunity to continue to do stuff in Linux that I do not always get to do (compile code from source etc). Really looking forward to continuing on THM and other avenues. Would really like to get into bug bounties as time permits on my spare time.
how has it gone for you?
just got this video, really just got a chance to watch. Fantastic i really hope you do more of these.
Thank you John. Sharing very appreciated!
It would be great if you made a catalog of all the tools you have ready in opt. Although I know most of them I never actually install them in my Linux machine and would be great to have a place where everything is kept for a rainy day :)
Hi John. Amazing videos. Hardly had any clue what was going on but found it fascinating nonetheless. Just out of curiosity, do you know or would recommend any resources to learn absolute basics from?
wow, I loved how you did all of this in a 30 min video while it took me over a day to get it. But I didn't know about many of these tools you mentioned here. Thanks for the video and keep up the good work.
He probably already completed it on its own. I also didn't knew about some of the tools. But for example Nmap and dir/gobuster are very frequently used for recon
Thanks John Hammond. Great video
🙂make more awesome videos especially on the basics ... It's was even challenging for such a beginner like me to understand most of the magic you did 👍
I have no clue what just happened, but it was very entertaining!
The only video about any code related that didn't bore me for 30 mins. Great video! Keep it up!!
Dude, awesome video. Looking to learn more about security and you just showed me a ton of resources to get going. Thanks.
was expecting "i'm in" but i still love ya xd
Great vid! Should do a series of these lessons, showing the tools and the capabilities and tryhackme is a perfect site to test them with.
Absolutely plan to-- just gotta make the time for it! Thanks so much for watching!
John Hammond yes please do more video like these. Really like your approach and note taking. Hoping to learn more best practices
Cheers Mate. That was awesome. To be honest this was my first PEN test video I have ever watched and thought that it was magic.
Thanks for everything John Hammond. You inspired me a lot as a cybersecurity student. I hope one day i will be like you. You are the GOAT.
A great fan from FRANCE ❤
Amazing. Thank you. Awesome. Do you know if "linPEAS is allowed in the OSCP exam?
As far as I know, no -- it is not in their Exam Restrictions. support.offensive-security.com/oscp-exam-guide/
I had used LinEnum without an issue. Thanks for watching!
would love a series going through some of these machines.
I'll see what I can do! Thanks for watching!
@@_JohnHammond how to made bugs cyber
never knew that i actually understood and know much of if! Going to try, thanks John
Really motivated to expand my knowledge in terms of cybersecurity . Subscribed! Thank you
And now something more added to my 2022 "must play with"
I definitely recommend it! TryHackMe is great!
Hey John, I've recently been made redundant and I was in two minds of a career change at age of 41. I started looking into cybersecurity your channel popped up in the search results. I watched this video to the very end, I sat back in my chair, I took a sip of my tea thinking, that was f@£king cool!! I want to do that for a career. I'm now on the long path to become an expert in cybersecurity just because of your video, thank you.
Rock on! I had the same experience when corona hit. Got hired four months ago. Employees market for sure.
Just noticed you posted 11m ago. How is it going?
@@IkkeBareAnders Hi Anders, tbh at the beginning information overload to pick theough. The path I decided to go down is Hack the box learning path. Ive come to grips with the tool about 2 months ago I'm doing bug bounties hacker1 im still along way off my goal one hack at a time.
Awesome. What I like is how simple he makes it. Its a tour, explanation amd example all rolled together.
@@andrefreewill4730 awesome. I yried metasploit on my own android but I couldnt get access. Or at least results. I tried the camera and a few others. But thats why we are always learning, right? It's fun
Thanks for teaching me about gobuster, enum4linux, basic Hydra usage, linpeas and ssh2john. It might seem simple to use these tools, but not knowing about their existence is a hurdle to overcome. Cheers!
man, this was fascinating!!!!!!!!!!!!!
I’m 15:00 in and I’ve come to realize that being able to build a PC, overclock it’s hardware, instal an OS and other hardware monitoring programs is not very impressive in the world of PCs. I understood a very minimal amount of what you were doing. Looking at the source code of a website, and using the program similar to a command prompt. What you were telling the program to search for - no idea. The significance of those 4 numbers you noted down is - no idea. I imagine it would take years of practise to actual be able to hack something. My 34 year old brain isn’t a sharp as it used to be and is only going to get worse. The ship may have sailed for me regarding the ability to hack. I have enjoyed what I’ve watched so far! Well done!
@@ekonomija8718 Very good but most machines have private ip addresses within a single network space, that has its own public ip address. This is because with IPv4, around 4 billion addresses are possible, and yet we have billions of IoT devices, so we use the public one as the "gateway" into the network, usually a router, and each individual device has its own private ip address within the network
Not true if you can read you can learn it.
added to my to-do list about a year ago then forgot about it and today I finally completed the room. Thanks to you.💯
Awesome. This is my first time seeing something like this. Great Job!
I love how free from shame TryHackMe is. I tried to get into pentesting very early on, I think this was the early 00's, with a similar service.
But back then, there was so much snobbery. The site was meant to be used to learn, but you got no hints, no instructions. You just loaded up the first page and was supposed to know what to do already.
This was when search engines were still in their very early versions, so trying to look up writeups wasn't an option either. Going on forums would give you one of two responses: Why are you hacking? and You don't even know the basics?
So yeah, it was hard getting into pentesting 15-20 years ago, unless you shelled out a few thousand on courses. You couldn't really go for the books, since nobody would tell you what you needed to research.
But today, with services like TryHackMe, it's much more open. Free, or close to free education for the masses. And Internet has become a much more secure place thanks to it.
"there is no shame"
that goes right through my heart xd
awesome, keep doing this. learned a lot and would like to watch more from your channel...
Just an awesome narrative. Thanks mate.👍
This dude must be a legit hacker...stole Seth Rogen's identity AND his voice.
You’re like a more intelligent, ginger Seth Rogan. Love the video man. I’ll have to *start using tryhackme too!
Ha, thanks for the kind words! I definitely recommend it!
I was thinking the EXACT same thing lol.
Used this video as reference the two times I got stuck - helped me not rabbit hole inefficiently - thank you!
Nicely done Mr Hammond.
Hi John, thanks for the great tutorials!
I have an issue. After running john2ssh and saving it into hash.txt, I run john with the hash.txt. It gives me 'No password hashes loaded (see FAQ)'. Furthermore, I tried providing it with the rockyou.txt wordlist but it keeps giving me the same error.
hey I have never attempted Penetration testing but I would love to start because it fascinates me I just cant understand anything, I was wondering how you got started and if you have any help for me.
And? Did you start learning?
@@Juliana-mo7ef Probably not, get real lol
@@ilias5185 wdym with get real
I'd enjoy watching, you made it seen so easy, but the thing is to learn from it. THANK YOU.
John, you are great! it's funny this video it's around 30 minutes but it took me about a week to actually do it! lol. You had multiple programs already install and since I didn't, I was forced to stop all the time and quickly install them and then continue with your video. Regardless I felt like a pro once I completed the video and the room in TryHackMe. Therefore, thank you, John! I'm planning on following your content closely and practicing as much as possible in Try Hack me!!
How did you learn all this and understand it so easily? I've been interested and im a computer science major, but I feel like theres so much to learn but dont know where to start.
i have been learning from a facebook ad i saw and its really helped me heres the website. There are loads of small courses you get that build up your knowledge and even some courses that get you ready for CEH, CCSP AND CISSP
Hacking seems to be very different to what you would learn in Comp Sci but some skills you may have from that could be useful
There's a 15 hour tutorial on basic pentesting information and strategies on yt, go check it out