Bruteforcing MFA & Fail2ban Manipulation

Bruteforcing MFA & Fail2ban Manipulation - TryHackMe! (Biteme)

Рет қаралды 94,452

Күн бұрын

Пікірлер: 147

@quicksolution5881 2 жыл бұрын

Hey! Lovely video as always. Just wanted to say, the part where the hash of the password has to end in "001" in order to be valid and you've found one to be "abkr". You overworked the code a bit... For example you could have just made a single for loop going from a number 0 to 10000000, every number to string and just hash that, much easier and way less code to loop through numbers than ascii characters. The one i've found is 5265 with its hash being 'f127a3f714240273e254d740ed23f001'.

@DerMichael 2 жыл бұрын

I was able to follow pretty easily up to privilege escalation because of previous knowledge, but even the prev esc part was understandable because of your thorough explanations! Also loved to see that you actually took the time to code some brute forces (hash, code, and even directories (even though you didn't write the code yourself)). Sometimes it really does take some dirty, boring, and time-consuming work to get somewhere.

@rickyjenkins12 2 жыл бұрын

Loving the videos, currently studying for a cyber security degree here in the UK and find your videos are helping me pick up additional skills that are useful for my course. Thank you John

@amodo80 2 жыл бұрын

Fun fact: Because cryptographic hashes map evenly from all possible inputs to all possible outputs, it doesn't really matter what you're hashing. You could start at the number zero, take the hash from that and keep incrementing it by 1 until you hit your target hash. (or you could hash a random string/number every time) Because every hash outcome has the same probability to occur, (and all hashes ending in "001" also have the same probability) you will find your target hash just as quickly. Note: I converted the number to string here due to readability of the code. More straightforward computationally would be to simply hash bytes and increment those bytes until you hit your target. import hashlib i = 0 while True: m = hashlib.md5(str(i).encode()).hexdigest() if m[-3:] == '001': print(f'the md5sum of `{i}` is `{m}`') break i += 1

@waqasalikhanrajput 2 жыл бұрын

I just started learning with Hack the box and although I understood very little due to my technical knowledge. I enjoyed the video. I will come back to this video in 6 months time to see if my understanding has improved Great content!

@ahtungdihtung 2 жыл бұрын

How can you not subscribe to this? This is gold.

@railwireorbit7401 2 жыл бұрын

Just loved the way you teach all of us is very precious... love you john ....!! and thank you for keeping up the good work.

@mrnord1989 2 жыл бұрын

Crazy never seen such a brilliant person ☺️

@sam_sheridan 2 жыл бұрын

Great video, thanks for the intro to feroxbuster, wasn't familiar with that one.

@BrknSoul 2 жыл бұрын

I love how you pop the machine's IP into $IP and then never use $IP again. ;-)

@vincenzoprota984 2 жыл бұрын

Very very good, John I have often followed your videos, and I must say that you explain all the steps really well. I really liked the Priesc with the service to restart, with the help of the comnado watch. Really good.

@ITsikkerhet 2 жыл бұрын

I started watching your videos the same way people watch sports, so entertaining and educational! keep it up :D

@LapisOnTheMoon 2 жыл бұрын

i love this video mr ham hands ive missed the tryhackme content!! more pls

@trevorhaddox6884 2 жыл бұрын

I miss crazy stuff like PWNY Island and other big hacking competitions. Do people still host those anymore?

@Californ1a 2 жыл бұрын

I'd love to see more live competition stuff like the old king of the hill livestreams, especially the older streams when they didn't know the rooms yet. They don't make new rooms for those enough so it's just autopwn scripts for them all by now with the only competition being fighting for the king file and bricking the box which isn't really as interesting. HTB battlegrounds was interesting but felt too formal, I liked THM KotH streams since they were generally more laidback.

@bhagyalakshmi1053 Жыл бұрын

Your talent in following numbers are so more this one to you got talent .

@Channel-he5fr 2 жыл бұрын

😂 He said JSON instead of Jason 😂😂😂

@jorisschepers85 2 жыл бұрын

Thanks again John for this video. Best regards from a 'Normie'!

@patik237 2 жыл бұрын

Although I could follow till the end while getting also lost with the playing around python prog stuff it was amazing...great video as always...thanks John

@legionary000 2 жыл бұрын

19:31 "Umm, and actually I'm gonna do something stupid", with that voice crack xD I actually lol'd on that :D

@abdirahmann 2 жыл бұрын

This was a ton of fun. Thanks alot john. am also waiting, idk what am waiting but am waiting! 🤣🤣

@Lodinn 2 жыл бұрын

I'm watching it in part for all the cool github links and in part for console wizardry, don't want for it to be a full-time job for me but these things are just so cool to watch.

@yuanpeng2637 2 жыл бұрын

oh you are great， isee these things ， ifeel it so complicated😹

@kolmt3645 Жыл бұрын

from @26:38 to @28:30 you could simply just send any 4 digit MFA code and then in dev console right-click The post request from the network tab and select copy -> Copy as cURL.

@michaelkasede1489 2 жыл бұрын

That was a really fun challenge to watch and now I'm going to practically try it out.

@flaviudsi 2 жыл бұрын

Hey John.. Your video was great.. Had a lot of fun.. I've learned a lot.. Well, not sure how much I have assimilate it.. I still need to practice.. Chuck was right in his videos, you are great.

@mossdem 2 жыл бұрын

Haven't been here a while but happy to be back! Great video John as per usual

@webtvhd3141 2 жыл бұрын

Man loved the way you explain everyting first ever video keep up the good work. :-)

@y3wtub3 2 жыл бұрын

Nice video. Do you do any live boxes like fresh so we can see you stumble around a bit? I like that raw style.

@gabrielfkeith 2 жыл бұрын

This feels like old school Hammond. Love it.

@siriuswinter1065 2 жыл бұрын

i may be a few months late, but these videos always help me with my stuff, now i know what NOT to do when configuring.

@HAGSLAB 2 жыл бұрын

Nice video John. I've never seen .phps files in the wild before, but probably a good idea to include that extension when doing dirbuster etc. from now on. Privesc was pretty nice!

@kat90430 2 жыл бұрын

Dude, this is amaznig. I appreciate you content.

@curious_hrk 2 жыл бұрын

Really loved it. Learned a lot. Thank you so much for making great content. Really appreciate it. Love from India

@Relmor 2 жыл бұрын

Love watching your context bro👍🏼

@zihasz5305 2 жыл бұрын

Enjoyed the video as always!

@MaximumEffortInfoSec 2 жыл бұрын

awesome video will definately give that room a go looks fun

@Alan-jv5fq 2 жыл бұрын

That was awesome. Thanks john!

@zedex7426 2 жыл бұрын

john why are you rounding up at closest miltiole of 25 im curious 00:40

@terminatorfishstudios 2 жыл бұрын

The goal I get it is take the shortest route but damn leaving all your requests commands and logins logged, gonna be hard to cover up. Best video I’ve ever watched btw, no video has stood out to me so much, your knowledge is amazing!

@stfbrasil1989 2 жыл бұрын

Windows 8 Não precisa de ajuda nenhuma Entende de tudo né? É segurança da Informação?

@Rhyl4x 2 жыл бұрын

Another awesome video John... Really enjoy the content :)

@Carambolero 2 жыл бұрын

Subscribed. Wow. Amazing content. Thx.

@xx-mb4gj 2 жыл бұрын

Hey John! Also waiting! ;)

@rrd_webmania Жыл бұрын

Great video again. I would use ffuf instead of your bash command.

@goodboy8833 2 жыл бұрын

12:50 Very useful tip while hunting on php target.

@frametrails 2 жыл бұрын

Another great video. Could you please make a video on Active Directory Resources that can help us to prepare for OSCP (new exam changes)? Thanks a lot 🙂

@ajualex3503 2 жыл бұрын

please do check the cyber mentor 's zero to hero playlist

@huskyman20435 2 жыл бұрын

That ending hot me surprised

@cameronribeiro9660 2 жыл бұрын

John: Some ideas for you: I don't know every video you have on here but: "This is what an attack looks like on screen on Windows" "This is how the colonial pipeline happened and what I would have done to attempt avoiding it" "The is how pen testers and bug bounty did their job in the Mitnick days before Burp Suite existed" "This is how pen testers did their job before metasploit existed" "This is probably why Russian and Chinese hackers are so good" I'm thinking video like these would separate your account and put it at a new level of you have the time Nice to meet another hacker!!

@amodo80 2 жыл бұрын

Thanks for another great video. One question though: Why do you call the python script by invoking `python` when you have a python shebang set? Or asked the other way around: Why do you set a shebang when you don't chmod +x the script and execute directly?

@FalcoGer 2 жыл бұрын

I love wfuzz. It's so super versitile. Directory search, dns name search, fuzzing user agents, cookies, form posts. You can get stuff from files, encode on the fly, get your input from stdin and pipe hashcat or some python script into it

@TheCinefotografiando 2 жыл бұрын

You are a wonderful professor

@Frogstomp_actual 2 жыл бұрын

For the algorithm, great video sir.

@ernestoo8313 2 жыл бұрын

This was a lot of fun!

@matwright110 2 жыл бұрын

I hit the red button. keep up the good content :)

@tomasgorda 2 жыл бұрын

Thanx, again great video. And i’m a subscriber 🤣🤣🤣

@brandonlee2435 2 жыл бұрын

Why does chmod +s /bin/bash allow for privesc on demand?

@thepuzzlemaker2159 2 жыл бұрын

25:11 Ah, of course, my good friend -Jason- JSON

@DordiHOTS 2 жыл бұрын

People like you are the reason my accounts keep getting hacked lol

@cristianiordache6418 2 жыл бұрын

I loved It a lot! Thank You!

@CleftMan 2 жыл бұрын

I appreciate you.

@XiSparks 2 жыл бұрын

It is so ironic that fail2ban can be used for privesc. lol

@Whadafishbro 2 жыл бұрын

Waiting dudeee

@Axodus Жыл бұрын

Real life Uplink.

@truthabout2730 Жыл бұрын

Fail2ban enabled on the mfa would have been interesting

@somebodystealsmyname 2 жыл бұрын

Hey John, in your loop, wouldn't it be better to use ... grep -v "Incorrect code" && echo $i; break ...?

@bigbob0189 2 жыл бұрын

I’m new to cyber security but I’ve take. Some classes and am looking to get some certifications is there any you recommend?

@bigbob0189 2 жыл бұрын

Ps love the content man

@maxxximussyntaxxx4252 2 жыл бұрын

Anyone know what shell/interface he's using, been looking for it forever and can't find it. Really helps with the command and history prediction

@skullteria 2 жыл бұрын

how often did ppl ask you if you are related to kermit?

@abiteofsomtam 2 жыл бұрын

Awesome video!

@ketominer1016 2 жыл бұрын

on my computer the padding with {0000..9999} works in zsh but not in bash, am I the only one?

@gamingwithcloud007 Жыл бұрын

loved it 🔥🔥

@georgehammond867 2 жыл бұрын

What kind of system are you running? CPU /GPU etc..!

@ManiusPL 2 жыл бұрын

You are Brilliant :)

@Alex-sc2rc 2 жыл бұрын

I love how the room has 67 upvotes and john says 75.

@capability-snob 2 жыл бұрын

{ This video is Unmatched.

@devang4842 2 жыл бұрын

Legend!!

@hypedz1495 2 жыл бұрын

Will you do a clickjacking video next?

@ajavezzano3553 2 жыл бұрын

Ah yes,

@881350122 2 жыл бұрын

Loved it. Watched the whole thing and it is fascinating from start to end.

@user-bs3ji8ex2s 2 жыл бұрын

very good content bhaiya

@joaosidonio7562 6 ай бұрын

that was pretty cool

@an3ssh 2 жыл бұрын

I am soo noob right now and learning. I wonder how long would it take to brute force a 6 digit and a 8 digit code.

@REktSigMa 8 ай бұрын

Idk if anyone still answers questions from these older videos or not, but is that IP Address you copied is that the target IP address? Like the system you are attempting to Hack?

@_JohnHammond 8 ай бұрын

Yes, when TryHackMe finishes "start machine" after 60 seconds and gives you an IP address, that is the IP address of the machine (inside the VPN network) that you are targeting :)

@REktSigMa 8 ай бұрын

I am trying to learn all the ins and outs of ethical hacking, I would like to be able to protect myself, from all of these different avenues that Black Hat Hackers exploit every single day. Yō, I do watch all your videos bro. Love the content thanks. @@_JohnHammond

@REktSigMa 8 ай бұрын

I have had my Gmail account stolen once before, I use to play games on PlayStation and when I switched to PC no one told me about Hackers, I mean I knew they existed, but I didn't know they were everywhere on Steam. My friends on PSN were just friends, but I found out real fast that you cannot trust anyone on Steam at all. There was a thief that pretended to be a friend, that told me that he reported me for cheating, I was like, "What" because I have never cheated at any video game, but he led me to think that Steam anti-cheat personnel wanted to talk to me about this event and provided me a link to click. I didn't know any different, and they stole my Steam account and from there they broke into my Gmail, disabled 2fa, and almost broke into my PayPal where I have 800 dollars, Luckly Google shut that account down before they did. That has been a few years ago. But if Malware is what you like, Steam is full of it. @@_JohnHammond

@janosmarton7895 2 жыл бұрын

nice one buddy

@TheSaGiV13 2 жыл бұрын

Great vid

@NotTomWasHere 2 жыл бұрын

Good stuff

@dipeshdev6942 2 жыл бұрын

Waiting from Nepal

@aikisustin3094 2 жыл бұрын

i dont understand shit about what ur talking (i dont even know english) but ur voice is cool and i think if i watch this videos i will be a bit smarter

@eduardprivat9821 2 жыл бұрын

amazing!

@orlovsskibet 2 жыл бұрын

who in the world would configure the webserver to display phps ? Seems like a very bad idea

@ecu4321 4 ай бұрын

Unfortunately, I am getting an "ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running" under Debian 12

@oliverk6711 2 жыл бұрын

LastPass 👀

@_tun0 2 жыл бұрын

Thanks for teaching me something new as always!

@sechvnnull1524 2 жыл бұрын

Awesome!!

@devnullification 2 жыл бұрын

xxd isn't a builtin, but a part of vim... ;-)

@DamianRyse 2 жыл бұрын

I'm one of the other 45% \o/

@chanakshabajaj2332 2 жыл бұрын

sir can you make a csrf based video briefly explaining the topic\

@H4R4K1R1x 2 жыл бұрын

Awesome

@brucecouch3156 2 жыл бұрын

Amazingly Hackalisious!!!!!

@djsaekrakem3608 2 жыл бұрын

Couldn't bruteforce be prevented by limiting login attempts like X amount of times lockout for 30 minutes... Why isn't this more common as it was in 2011? This also why I hate 2fa and "type 4 digit code we sent your in your SMS"

@AntiAtheismIsUnstoppable 10 ай бұрын

That's how I do it on my web site, it starts with 1 second lockdown, then 2 seconds, then 4 and so on, up to I think it's 2^8 seconds. The lock down mechanism doesn't have any power like fail2ban has, other than it requests to put a ban on the IP (which can then be denied by other parts of the program). It's very possible because I have zero knowledge about fail2ban, but I am curious why that function has a power in itself. It looks to me like it should not have. Also, putting too much advanced things into this I think makes it more vulnerable, and I am not trying to take _all_ attacks, just the most obvious ones. I believe in layered security, not one thing fits all. Trying to take all attacks will be pointless, when you can just attack from random IPs and at random rate. And in the end, it's not even about these attacks, it's about how to protect _when_ the attack succeeds. Like, so many people use the same password for different services, and this fail2ban does not protect against that, if another service is hacked and passwords revelaed.