I know this video is a little old but I used the same reverse shell as you with the same listening command but when I run the new command nothing shows up on the port I am listening to. Can you help me please?

Great walkthrough! Appreciate you showcasing the room!

Nice videos!

nice video dude! keep it up

Nice n easy intro room. I can't wait to be done with school so i can get back into the enjoyment of HTB and THM.

Thanks sir for honest review ❤❤❤

script for sql injection is not working

Happy New Year! These look like some great books to add to my collection. I just got Black Hat Bash for Christmas I'm excited to dig into. -DW @ TRZ

thx man keep up the great work of your's

some feedback fwiw I'm new to hacking, as I figure most people who would look up a walkthrough on an easy rated room would be. You start your video setting up variables and talking about scripts you've written as well as using an interface outside of the tryhackme website's default attackbox setup. That pretty much told me right off the bat, as a new user/hacker this isn't the video for me. I stopped watching after the first minute. being an easy room, the people who are looking up walk throughs are brand new. We are typing everything you type into our own instance of the room. We are learning by following..if that makes sense. You may be trying to cater to more advanced hackers who, for some reason, need a walkthrough of an easy room. If that's the case please disregard the above. I just wanted to leave some feedback in a helpful way.

❤❤🎉 .

thank you!

Hey great to put a face to a name! Now your handle makes so much more sense. Great walkthrough.

everything was clear on my end

thanks!

CHEF WUZ HERE!

🎉🎉🎉 thanks!

Thx ❤

Superb sir

I was asked for comte's Password

1. Amazing! 2. Please don't stop creating these! All the best from Europe :)

But didnt you notice that the code is slightly broken? With netcat for example. It really makes it hard for me to follow.

So instructive. Thanks for your channel!

Very informative and helpful, many thanks🎉

Where is the file 'payload.txt'? Is it a file from Kali itself or did you create it? I'm a bit confused about this part. Can you please help me?

Can you make a video about the experience in the hackthebox program

why didnt you just use elastic gui as provided?

Great channel, good explanation. Also first time I see someone posting their mistakes, really nice. It shows how long it can take someone to go over these challenges and keep it real

Amazon provide a good quality refurbished monitors you can buy from there for a small amount of money and how was it going your health condition after the surgery are you fine right now..

Thanks bro , subscribed ❤🎉 .

import argparse import socket # import shlex import subprocess import sys import textwrap import threading def execute(cmd): cmd = cmd.strip(' ') if not cmd: return cmd = cmd.split(' ') output = subprocess.Popen(cmd,text=True,stderr=subprocess.PIPE,stdout=subprocess.PIPE) result,error = output.communicate() return result # output = subprocess.check_output(shlex.split(cmd),stderr=subprocess.STDOUT) # return output.decode() class NetCat: def __init__(self, args, buffer=None): self.args = args self.buffer = buffer self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) def run(self): if self.args.listen: self.listen() else: self.send() def send(self): # client mode print('client mode') self.socket.connect((self.args.target, self.args.port)) if self.buffer: # send the initial buffer self.socket.send(self.buffer) try: while True: recv_len = 1 response = '' while recv_len: data = self.socket.recv(4096) recv_len = len(data) response += data.decode() if recv_len < 4096: break if response: print(response) buffer = input('> ') buffer += ' ' self.socket.send(buffer.encode()) except KeyboardInterrupt: print('User terminated.') self.socket.close() sys.exit() def listen(self): # server mode print('listening') self.socket.bind((self.args.target, self.args.port)) self.socket.listen(5) # Queue of upto 5 pending connection while True: client_socket, _ = self.socket.accept() client_thread = threading.Thread(target=self.handle, args=(client_socket,)) client_thread.start() def handle(self, client_socket): if self.args.execute: output = execute(self.args.execute) client_socket.send(output.encode()) elif self.args.upload: file_buffer = b'' while True: data = client_socket.recv(4096) if data: file_buffer += data print(len(file_buffer)) else: break with open(self.args.upload, 'wb') as f: f.write(file_buffer) message = f'Saved file {self.args.upload}' client_socket.send(message.encode()) elif self.args.command: cmd_buffer = b'' while True: try: client_socket.send(b' #> ') while ' ' not in cmd_buffer.decode(): cmd_buffer += client_socket.recv(64) response = execute(cmd_buffer.decode()) if response: client_socket.send(response.encode()) cmd_buffer = b'' except Exception as e: print(f'server killed {e}') self.socket.close() sys.exit() if __name__ == '__main__': parser = argparse.ArgumentParser( description='BHP NetCat Tool', formatter_class=argparse.RawDescriptionHelpFormatter, epilog=textwrap.dedent('''Example: netcat.py -t 192.168.1.108 -p 5555 -l -c # command shell netcat.py -t 192.168.1.108 -p 5555 -l -u=mytest.whatisup # upload to file netcat.py -t 192.168.1.108 -p 5555 -l -e=\"cat /etc/passwd\" # execute command echo 'ABCDEFGHI' | ./netcat.py -t 192.168.1.108 -p 135 # echo local text to server port 135 netcat.py -t 192.168.1.108 -p 5555 # connect to server ''')) # below are the command line arguments parser.add_argument('-c', '--command', action='store_true', help='initialize command shell') parser.add_argument('-e', '--execute', help='execute specified command') parser.add_argument('-l', '--listen', action='store_true', help='listen') parser.add_argument('-p', '--port', type=int, default=5555, help='specified port') parser.add_argument('-t', '--target', default='192.168.1.203', help='specified IP') parser.add_argument('-u', '--upload', help='upload file') args = parser.parse_args() if args.listen: buffer = '' else: buffer = sys.stdin.read() nc = NetCat(args, buffer.encode('utf-8')) nc.run()

Any ways to protect my site from this?

Does this attack work with Microsoft sites? The normal Ms query has brackets which would cause the query to fail.

good vid

🎉👍🏻

the fuking mario steps are so A. s 😅

Hello, can you suggest top 10-5 books that are really good (in your opinion) for ethical hacking / cyber security learning for getting from level 0 to 100. Also I have a question, currently my logic is to try different types of hacking on my own stuff as I think practice is the fastest way to understand a specific topic, what do you think about such an approach?

Would you recommend this book for someone with experience?

Tho the information isn't really challenging, you have a very good voice for teaching and instructing. Please make more videos 🙌🏽

Awesome content! Learned a lot in this room as well!

Thank you for the book review! 👏👏

Hii sir....great news i has been haired as infra L1 support Engineer in trivandrum, Kerala... It was my first interview i answered 95% of the question and next one was hr round also i cracked it then i got the offer letter yesterday

which course did you studied in the school?

what would you have done if you didnt know about PSPY64? That was where I hit a wall and didnt know what to do! Thanks for the walkthrough.

Sir...add sume hashtag in the video..... The Video will reach to people who searching for the tools and about CTF......like #CTF #hacking etc...

Hey man ty so much for your vids, they are really helpfull and are helping me a lot to understand what am i reading. I hope you continue these series!

I am so sorry. I forgot to push the code up to github. It is there now.

Love the look of your setup and layout for Arch. I have a friend who's been running Arch for about 6 months now. Seems like more work than I'm willing to put in lol.